  • Arnaud's links
    23 results tagged iam
    • Working with presigned URLs - Amazon Simple Storage Service

      If you created a presigned URL by using a temporary token, then the URL expires when the token expires, even if you created the URL with a later expiration time. For more information about how the credentials you use affect the expiration time, see Who can create a presigned URL.

      So you have to use regular IAM user instead of IAM role for service generating presigned urls..? :-/

      August 12, 2023 at 10:53:10 AM GMT+2 - permalink - archive.org - https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-presigned-url.html#who-presigned-url
      aws iam presigned s3
    • Cross-account IAM permissions - Amazon EKS
      April 13, 2023 at 5:53:34 PM GMT+2 - permalink - archive.org - https://docs.aws.amazon.com/eks/latest/userguide/cross-account-access.html
      account cross eks iam oidc
    • iam-policy-json-to-terraform - Easily convert AWS IAM policies to Terraform HCL

      via nedim

      November 24, 2022 at 9:33:44 AM GMT+1 * - permalink - archive.org - https://flosell.github.io/iam-policy-json-to-terraform/
      aws hcl iam json terraform
    • Actions, resources, and condition keys for AWS services - Service Authorization Reference

      google iam resources list

      September 5, 2022 at 5:59:18 PM GMT+2 - permalink - archive.org - https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
      api iam
    • IAM Roles for Service Accounts - Amazon EKS

      This feature also eliminates the need for third-party solutions such as kiam or kube2iam.

      great

      December 15, 2019 at 4:36:18 PM GMT+1 - permalink - archive.org - https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
      eks iam role
    • Identify Unintended Resource Access with AWS Identity and Access Management (IAM) Access Analyzer | AWS News Blog
      December 3, 2019 at 9:41:36 AM GMT+1 - permalink - archive.org - https://aws.amazon.com/fr/blogs/aws/identify-unintended-resource-access-with-aws-identity-and-access-management-iam-access-analyzer/
      audit aws iam
    • Keycloak
      March 27, 2019 at 9:02:30 PM GMT+1 - permalink - archive.org - https://www.keycloak.org/
      iam k8s
    • kiam/README.md at master · uswitch/kiam · GitHub

      An alternative to kube2iam that is apparently more secure

      March 27, 2019 at 8:46:01 PM GMT+1 * - permalink - archive.org - https://github.com/uswitch/kiam/blob/master/README.md
      iam k8s
    • Installing kube2iam in AWS Kubernetes EKS Cluster | Carlos Sanchez's Weblog
      March 26, 2019 at 9:33:47 AM GMT+1 - permalink - archive.org - https://blog.csanchez.org/2018/11/14/installing-kube2iam-in-aws-kubernetes-eks-cluster/
      iam k8s
    • jtblin/kube2iam: kube2iam provides different AWS IAM roles for pods running on Kubernetes
      March 6, 2019 at 9:54:26 AM GMT+1 - permalink - archive.org - https://github.com/jtblin/kube2iam
      eks iam k8s policy role
    • Note: List users and their inline attached policies

      ```
      # Print each IAM user name followed by the names of its inline policies
      for user in $(aws iam list-users | jq -r '.Users[].UserName'); do echo "$user"; aws iam list-user-policies --user-name "$user"; done
      ```

      September 22, 2017 at 10:19:31 AM GMT+2 - permalink - archive.org - https://links.infomee.fr/?xhJZ2g
      aws iam
    • upload-server-certificate — AWS CLI 1.11.124 Command Reference

      --path

      July 25, 2017 at 11:07:06 AM GMT+2 - permalink - archive.org - http://docs.aws.amazon.com/cli/latest/reference/iam/upload-server-certificate.html
      aws iam ssl
    • Example 2: Bucket Owner Granting Cross-Account Bucket Permissions - Amazon Simple Storage Service
      So to authorize an external account, we create a bucket policy on our bucket that allows "arn:aws:iam::account_id:root", or, more precisely, the user arn:aws:iam::account_id:user/foobar or the role.

      The other account then decides who is allowed to access our bucket, using standard user policies (from within the other account's context, it is as if the bucket belonged to that account).

      Example bucket policy to put on the BUCKET of account A to authorize account xxx in RW:


      ```
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "Allow account_xx on aws account xxx RW",
                  "Effect": "Allow",
                  "Principal": {
                      "AWS": "arn:aws:iam::OTHER_ACCOUNT_ID:root"
                  },
                  "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
                  "Resource": "arn:aws:s3:::BUCKET"
              },
              {
                  "Sid": "Allow account_xx on aws account xxx RW",
                  "Effect": "Allow",
                  "Principal": {
                      "AWS": "arn:aws:iam::OTHER_ACCOUNT_ID:root"
                  },
                  "Action": [
                      "s3:*"
                  ],
                  "Resource": "arn:aws:s3:::BUCKET/*"
              }
          ]
      }
      ```

      For read-only, replace the action of the second block with "Action": ["s3:Get*","s3:List*"],
      June 12, 2017 at 8:48:42 AM GMT+2 * - permalink - archive.org - http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html
      aws cross iam policy s3
    • Note: s3 policy one bucket
      ReadWrite:

      ```
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
                  "Resource": [
                      "arn:aws:s3:::LeBucket"
                  ]
              },
              {
                  "Effect": "Allow",
                  "Action": [
                      "s3:*"
                  ],
                  "Resource": [
                      "arn:aws:s3:::LeBucket/*"
                  ]
              }
          ]
      }
      ```

      For read-only, replace the action of the second block with "Action": ["s3:Get*","s3:List*"],
      May 17, 2017 at 5:02:27 PM GMT+2 * - permalink - archive.org - https://links.infomee.fr/?Vp7r6Q
      aws iam s3
    • rvedotrc/aws-iam-reference: A list of all known IAM actions; and a way of updating that list
      April 13, 2017 at 2:36:05 PM GMT+2 - permalink - archive.org - https://github.com/rvedotrc/aws-iam-reference
      actions iam
    • IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources) | AWS Security Blog

      Easy one?
      Not even close

      March 24, 2017 at 12:24:51 PM GMT+1 - permalink - archive.org - https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/
      iam policy s3
    • Note: How to know which policy contains a specific action?
      Warning: this loop makes a lot of calls to the AWS API, use it with caution

      To find out, I needed to list all policies and their associated statements (for the default policy version)

      ```
      #!/bin/bash
      # Dump the default version of every IAM policy so the output can be grepped.
      # One get-policy-version API call is made per policy.
      aws iam list-policies \
        | jq -r '.Policies[] | [.PolicyName, .Arn, .DefaultVersionId] | @tsv' \
        | while IFS=$'\t' read -r name arn version; do
            echo "$name"
            aws iam get-policy-version --policy-arn "$arn" --version-id "$version"
          done
      ```

      Put this in a script, redirect output to a file and go get grep!
      February 22, 2017 at 4:16:06 PM GMT+1 * - permalink - archive.org - https://links.infomee.fr/?bERNcg
      aws bash for foreach iam policy separator
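
Grepping the dump for a literal action name misses statements that grant it through a wildcard (`s3:*`, `s3:Get*`) or through `NotAction`. The following Python code is an added example, not part of the original note: it applies IAM's `*`/`?` pattern matching to policy documents that have already been parsed from JSON. The function names are hypothetical and the sample documents are constructed.

```python
import re

def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _pattern_matches(pattern, action):
    """IAM action pattern: '*' = any run of chars, '?' = one char, case-insensitive."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def statements_covering(document, action):
    """Yield (effect, how) for each statement of a policy document that applies to `action`."""
    for stmt in _as_list(document.get("Statement")):
        if "Action" in stmt:
            hits = [p for p in _as_list(stmt["Action"]) if _pattern_matches(p, action)]
            if hits:
                yield stmt["Effect"], "Action " + ",".join(hits)
        elif "NotAction" in stmt:
            # NotAction applies to every action except the listed patterns.
            if not any(_pattern_matches(p, action) for p in _as_list(stmt["NotAction"])):
                yield stmt["Effect"], "NotAction"

def policies_containing(policies, action):
    """Map policy name -> list of (effect, how) for every policy that touches `action`."""
    result = {}
    for name, document in policies.items():
        found = list(statements_covering(document, action))
        if found:
            result[name] = found
    return result

# Constructed samples, shaped like the "Document" field of get-policy-version output.
SAMPLE_POLICIES = {
    "ExplicitRead": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]},
    "WildcardS3": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]},
    "AllButIam": {"Version": "2012-10-17", "Statement":
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}},
    "Ec2Only": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Action": "ec2:*", "Resource": "*"}]},
}

if __name__ == "__main__":
    for name, found in policies_containing(SAMPLE_POLICIES, "s3:GetObject").items():
        print(name, found)
```

The result lists the statement's `Effect` as well, so a `Deny` that mentions the action is not mistaken for a grant.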
    • Note on IAM policies

      An IAM policy is made up of statements; these are rules (blocks of code)

      ```
      {
          "Statement": [
              {
                  "Effect": "effect",
                  "Action": "action",
                  "Resource": "arn",
                  "Condition": {
                      "condition": {
                          "key": "value"
                      }
                  }
              }
          ]
      }
      ```

      Each rule, in its simplest form, is made up of 3 things:

      Effect: allow or deny

      Action: which action the rule applies to

      Resource: the resource concerned

      Each Amazon service (EC2, ECR, etc.) exposes a list of actions; this list can be found in the docs (http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Action)

      And each resource can be identified by an ARN (a simple way to find an ARN is to display the resource in the AWS web interface; the ARN is often shown there)

      December 12, 2016 at 12:59:10 PM GMT+1 - permalink - archive.org - https://links.infomee.fr/?3KOHAQ
      aws iam policy
    • Managed Policies and Inline Policies - AWS Identity and Access Management

      AWS Managed VS Customer Managed VS Inline

      September 22, 2016 at 11:08:16 AM GMT+2 - permalink - archive.org - http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
      iam policy
    • Identities (Users, Groups, and Roles) - AWS Identity and Access Management

      Diff between user and role

      September 21, 2016 at 11:21:30 AM GMT+2 - permalink - archive.org - http://docs.aws.amazon.com/IAM/latest/UserGuide/id.html
      aws iam