Questions tagged with AWS Identity and Access Management


How to get access to s3 for .NET SDK with the same credentials used for awscli?

I am on a federated account that only allows for 60-minute access tokens. This makes using AWS difficult since I have to constantly log in again with MFA, even for the AWS CLI on my machine. I'm fairly certain that any programmatic secret access key and token I generate would be useless after an hour.

I am writing a .NET program (.NET Framework 4.8) that will run on an EC2 instance to read and write from an S3 bucket. As per the documentation example, they give this example to initialize the AmazonS3Client:

```
// Before running this app:
// - Credentials must be specified in an AWS profile. If you use a profile other than
//   the [default] profile, also set the AWS_PROFILE environment variable.
// - An AWS Region must be specified either in the [default] profile
//   or by setting the AWS_REGION environment variable.
var s3client = new AmazonS3Client();
```

I've looked into SecretManager and ParameterStore, but that would matter if the programmatic access keys go inactive after an hour. Perhaps there is another way to give the program access to S3 and the SDK...

If I cannot use access keys and tokens stored in a file, could I use the IAM access that awscli uses? For example, I can type into PowerShell `aws s3 ls s3://mybucket` to list and read files from S3 to the EC2 instance. Could the .NET SDK use the same credentials to access the S3 bucket?
1 answer, 0 votes, 13 views, asked 2 days ago

How to deal with multiple duplicate keys (Fn::Sub) in an AWS CloudFormation template?

I have a policy that is being made in a CloudFormation template. I want to add two resources to the policy; they end up being `arn::bucket` and `arn::bucket/*`. The issue is that the `arn` is a parameter and I get the error: `[cfn-lint] E0000: Duplicate resource found "Fn::Sub" (line 161)`. I understand that it doesn't like the duplicates.

```
"RolePolicies": {
  "Type": "AWS::IAM::Policy",
  "Properties": {
    "PolicyName": "GetGEBucketPutCustomerBucket",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:GetObjectAttributes",
            "s3:GetObjectTagging",
            "s3:ListBucket",
            "s3:DeleteObject"
          ],
          "Effect": "Allow",
          "Resource": {
            "Fn::Sub": [
              "${arn}/*",
              { "arn": { "Ref": "CustomerS3BucketARN" } }
            ],
            "Fn::Sub": [
              "${arn}",
              { "arn": { "Ref": "CustomerS3BucketARN" } }
            ]
          }
        }
      ]
    },
    "Roles": [
      { "Ref": "InstanceRole" }
    ]
  },
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "a713fcc6-95c8-423f-a5b8-0020a81e5ce4"
    }
  }
}
```

However, this CloudFormation is allowed to run, but produces errors. When viewing the policy in the IAM console window after create, I see that both of the resources were not created.

![IAM Console](/media/postImages/original/IM-C-6juMgR12vBi6kAOuH5Q)

The IAM policy editor gives me this error: `Ln 1, Col 0 Missing Version: We recommend that you specify the Version element to help you with debugging permission issues.` since the resource that ends with `/*` wasn't created by CloudFormation.
0 answers, 0 votes, 21 views, asked 2 days ago