How to know user created in AWS has what access

I have users created in AWS, but I am not able to locate if they have been only given programmatic access or console access or they have been provided with both. Is there a way to check, edit, or know what type of access is being used by a user?

Solution: In the…

List RoleNames based on Action in AssumeRolePolicyDocument using boto3

I am using the below Python code to list all the IAM Role Names.

    from boto3 import Session
    import logging
    from botocore.exceptions import ClientError

    logger = logging.getLogger(__name__)

    def list_iam_roles(profile):
        # Build a session from the named profile and print every role name
        boto_sess = Session(profile_name=profile)
        client = boto_sess.client('iam')
        roles = client.list_roles()
        for role in roles["Roles"]:
            print(role["RoleName"])
        return

    list_iam_roles('some_profile')

It successfully returns the list of all the IAM…

How can I specify apigateway's role to give permission to invoke a lambda?

I am using AWS apigateway to trigger a lambda function. I deployed them from serverless framework, the configuration looks like:

    handler:
      handler: src/index.handler
      name: handler
      tracing: true
      role: updateRole
      events:
        - http:
            path: /contact/{id}
            method: patch
            integration: lambda
            request:
              parameters:
                paths:
                  id: true

After deploy, it works perfectly. But what I don’t understand is how…

Evaluation logic in IAM policy across multiple json policies

For an IAM policy, let’s say there are two policies:

A policy with a single statement to allow access.
A second policy with a single statement to deny access.

For example:

    // first document
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowS3ListRead",
          "Effect": "Allow",
          "Action": ["s3:ListAllMyBuckets"],
          "Resource": "*",
          "Principal": { "AWS": "arn:aws:iam::12345:group/davidsgroup" }
        }
      ]…

Not able to update/delete Bucket policy with admin role after adding a Deny policy

I logged into the AWS console with the DevUser role and updated the bucket policy with deny all as per below:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Statement1",
          "Principal": "*",
          "Effect": "Deny",
          "Action": "*",
          "Resource": "arn:aws:s3:::bucketName"
        }
      ]
    }

After doing this I am not able to list bucket permissions or view anything under the bucket as…