Questions tagged [aws-roles]

44 questions
4
votes
3 answers

IAM Role does not show in role list of EC2, even though I have the trust relationship set up correctly

I have the following demo role created for AWS: with the following trust relationship: Now, I am trying to modify the role of an EC2 instance to be DemoRoleForEC2, but the role is not appearing in the dropdown list: According to this answer here:…
Alberto A
2
votes
1 answer

Why do I get 'No roles attached to instance profile' when using path in AWS instance profile

I created an EC2 instance profile through a CloudFormation stack. The stack template contains the instance profile, the role for the instance profile, policies for the role, and permissions to use the instance profile. The role has the trust policy…
2
votes
0 answers

Create Service role for AWS AppRunner

I am currently running a Next.js application on AWS AppRunner. Initially, when creating the service, I unintentionally left the Instance role in the Security section empty, resulting in AWS automatically creating a role for me. However, I now…
Susitha Ravinda Senarath
2
votes
1 answer

What is the most efficient way to give read-only access on all accounts in an AWS organization?

I'm new to AWS. Have some experience in Azure, but the organization/user account/permissions part is completely different to the tenant/managementgroup/subscription/azure AD way of thinking. In a multi-account (e.g. accounts A,B & C) organization,…
2
votes
1 answer

Add permission boundaries to the stack

When I deploy a CDK stack - it creates several roles, both explicitly e.g. via iam.Role construct, and implicitly e.g. when roles are created internally by Level 2 constructs. Is there a way to attach an existing permission boundary to all the roles…
2
votes
1 answer

AWS: Service control policies (SCPs) can't affect service-linked roles

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html This page says these. What do these mean exactly? Are there any problems caused by this limitation? SCPs do not affect any service-linked role. Service-linked…
dmjy
1
vote
1 answer

Unable to create an AWS role in a specific PATH CLI

My user has a policy that allows him to iam:CreateRole and iam:DeleteRole but when I launch this command: aws iam create-role --role-name MyRole --path /projects/ --assume-role-policy-document file://MyRoleTrust.json But I have this error: An…
1
vote
3 answers

How can I get putobject access to s3 from specific ec2 instance

I created S3 static web - public bucket and by default all the ec2 instances that I have in my account can upload files to the s3 bucket. My goal is to limit the access to upload files to the bucket just from specific instance (My bastion instance)…
1
vote
1 answer

Add/attach AWS IAM Role to EC2 instance via terraform

I have a quick question here. I am using terraform to deploy ec2 instances on AWS, and I need a way to attach AWS IAM Role to the instance. I have created manually on AWS console an IAM Policy + role, and attached to EC2 instance and tested, it…
1
vote
1 answer

How do I create a boto3 session that both uses a local AWS profile (by name), and assumes an AWS IAM role?

This is not a duplicate. I have searched and could not find an exact match for this. I have Python code running on my local machine. I want to connect to AWS for the purpose of pulling a secret from AWS Secrets Management. On my local machine…
user10664542
1
vote
1 answer

AWS Signature returns Forbidden for FunctionURL

I have created a Lambda function URL secured with IAM_AUTH and have created a user attached to a group containing a policy which can invoke function URLs. Taking the user's Access Key and Secret Key I can call the function url in Postman with a 200…
Matt W
1
vote
1 answer

ECS fargate, permissions to download file from S3

I am trying to deploy a ECR image to ECS Fargate. In the Dockerfile I run an AWS cli command to download a file from S3. However, I require the relevant permissions to access the S3 from ECS. There is a task role (under ECS task definition)…
Jake
1
vote
1 answer

How to assume iam role in makefile

How to assume an iam role in a makefile? I tried: deploy-non-prod: aws --version eval $(aws sts assume-role --role-arn arn:aws:iam::xxx:role/rl-some-role --role-session-name test | jq -r '.Credentials | "export…
DenCowboy
1
vote
0 answers

How to increase the sts:AssumeRoleWithWebIdentity session duration

I have a user pool & respective identity pool (where auth role is provided with sts:AssumeRoleWithWebIdentity). I want the session duration to be more than 1 hour (I believe that is the default time). How can I do that? I was able to increase the max…
shiva rao
1
vote
0 answers

How to identify service-linked roles in AWS IAM

In AWS there are Service-Linked roles. It looks like over time AWS may have changed their policy regarding how these are identified, and the easiest way I can tell now is by using the Path for each role, with the /aws-service-role indicator in the…
glitchwizard