amazon-iam

问题 I am trying to execute a cloudformation stack which contains the following resources: Codebuild project Codepipeline pipeline Roles needed While trying to execute the stack, it fails with the following error: arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole is not authorized to perform AssumeRole on role arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole (Service: AWSCodePipeline; Status Code: 400; Error Code: InvalidStructureException; Request ID: 7de2b1c6-a432-47e6-8208-2c0072ebaf4b) I created the

问题 I am trying to execute a cloudformation stack which contains the following resources: Codebuild project Codepipeline pipeline Roles needed While trying to execute the stack, it fails with the following error: arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole is not authorized to perform AssumeRole on role arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole (Service: AWSCodePipeline; Status Code: 400; Error Code: InvalidStructureException; Request ID: 7de2b1c6-a432-47e6-8208-2c0072ebaf4b) I created the

问题 I'm having a really hard time setting up my bucket policy, it looks like my bucket policy only applies to some objects in my bucket. What I want is pretty simple: I store video files in the bucket and I want them to be exclusively downloadable from my webiste. My approach is to block everything by default, and then add allow rules: Give full rights to root and Alice user. Give public access to files in my bucket from only specific referers (my websites). Note: I manually made all the objects

问题 I would like to deny public access to an AWS API Gateway and only allow access when the API is invoked with a specific role. In my test there are two gateways, and one calls the other: Public Gateway -> Private Gateway I want to be able to visit Public Gateway endpoints in a browser and receive a 2XX response, and when visiting the Private Gateway directly I should receive a 4XX response. The only way to access the Private Gateway should be via the Public Gateway (which proxies to the Private

问题 I would like to deny public access to an AWS API Gateway and only allow access when the API is invoked with a specific role. In my test there are two gateways, and one calls the other: Public Gateway -> Private Gateway I want to be able to visit Public Gateway endpoints in a browser and receive a 2XX response, and when visiting the Private Gateway directly I should receive a 4XX response. The only way to access the Private Gateway should be via the Public Gateway (which proxies to the Private

问题 I would like to deny public access to an AWS API Gateway and only allow access when the API is invoked with a specific role. In my test there are two gateways, and one calls the other: Public Gateway -> Private Gateway I want to be able to visit Public Gateway endpoints in a browser and receive a 2XX response, and when visiting the Private Gateway directly I should receive a 4XX response. The only way to access the Private Gateway should be via the Public Gateway (which proxies to the Private

问题 The internal API's we test need to go through the process of signing them (i.e., get AWS Signature) & add the signed headers to 'request headers' before we do any CRUD operation. Signing the requests can happen through AWS-SDK or using something like this https://github.com/lucasweb78/aws-v4-signer-java (if our tests are written completely in Java) What would be the optimum way of achieving this in Karate DSL. Please suggest. 回答1: Read the docs: https://github.com/intuit/karate#http-basic

问题 How can I add the below listed SQS permission using AWS CLI command? "Statement": [ { "Sid": "Sid8390000202", "Effect": "Allow", "Principal": "*", "Action": "SQS:*", "Resource": "arn:aws:sqs:us-east-1:12345678:example-queue", "Condition": { "ArnEquals": { "aws:SourceArn": "arn:aws:sns:us-east-1:73628827939:MySNS" } } } ] 回答1: You can save the file locally as set-queue-attributes.json with the following policy. { "Id": "Policy1564523767951", "Version": "2012-10-17", "Statement": [ { "Sid":

问题 I have seen several links, but I have to see an example. I have: resource "aws_iam_role" "role" { name = "role" assume_role_policy = <<-EOF { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1590217939125", "Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::wwe" }, { "Sid": "Stmt1590217939125", "Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::wwe/*" }, { "Sid": "Stmt1577967806846", "Action": [ "secretsmanager:DescribeSecret", "secretsmanager:GetRandomPassword",

问题 I have been using access/secret keys with terraform to create/manage our infrastructure in AWS. However, I am trying to switch to using IAM role instead. I should be able to use a role in my account and assume the role in another account and should be able to run plan, apply etc to build infra in the other account. Any ideas, please suggest. So far, I am testing with https://www.terraform.io/docs/providers/aws/, but for some reason, it is not working for me or the instructions are not clear