AUTHOR: http://aws.typepad.com/aws/2013/11/amazon-ec2-resource-level-permissions-for-runinstances.html LINK!


Comments


Jack

The additions are great, but somehow it's not very obvious what goes wrong when it doesn't work.

I've followed the above policy definitions pretty closely, but somehow I keep getting the "You are not authorized to perform this operation." error and the encoded failure message just says that no statements were matched, so that's more of a passive error than anything else, and without knowing how it's trying to match the statements, I'm nowhere near finding a solution.

I've posted this particular issue here: http://stackoverflow.com/questions/20118810/minimal-iam-policy-for-ec2runinstances

Jack

I just wanted to thank Derek and Jeff again for helping me find out what was causing my particular issue.

The takeaway here is that the account number portion of the ARN is important; to be on the safe side I've now added them for all my resource references. If you leave them empty, which is common for "aws:s3" resources, they will not (reliably) get matched against the policy.

I would like to add that, since this could potentially cause issues for beginners (and novices like myself even), I think it would be a good idea to make IAM aware of these kinds of mistakes while editing the policy.

Looking forward to other great new features =D

The comments to this entry are closed.
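
The mistake discussed in the comments above (an EC2 resource ARN whose account-number field is left empty) can be caught offline before a policy is attached. The check below is an added example, not code from the original post or from AWS; the set of account-scoped resource types, the function name and the sample policy are assumptions constructed for illustration.

```python
import json

# Assumption: EC2 resource types owned by an account, so the ARN's account
# field must be filled in (or wildcarded). Image and snapshot ARNs
# legitimately leave it empty and are not listed here.
ACCOUNT_SCOPED_EC2 = {"instance", "volume", "subnet", "network-interface",
                      "key-pair", "security-group"}


def find_empty_account_arns(policy_json):
    """Return (sid, arn) pairs whose EC2 ARN omits a required account ID."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be an object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        sid = stmt.get("Sid", "statement[%d]" % index)
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):    # Resource may be a string or a list
            resources = [resources]
        for arn in resources:
            # Layout: arn:partition:service:region:account:resource
            parts = arn.split(":", 5)
            if len(parts) != 6 or parts[0] != "arn" or parts[2] != "ec2":
                continue                  # "*" and non-EC2 ARNs are out of scope
            resource_type = parts[5].split("/", 1)[0]
            if parts[4] == "" and resource_type in ACCOUNT_SCOPED_EC2:
                findings.append((sid, arn))
    return findings


# Constructed sample policy; 123456789012 is a placeholder account ID.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Launch", "Effect": "Allow", "Action": "ec2:RunInstances",
         "Resource": [
             "arn:aws:ec2:us-east-1::instance/*",              # flagged
             "arn:aws:ec2:us-east-1:123456789012:subnet/*",    # account present
             "arn:aws:ec2:us-east-1::image/ami-*",             # images have no account
             "arn:aws:ec2:us-east-1::security-group/*"]},      # flagged
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},         # not EC2, skipped
    ],
})

if __name__ == "__main__":
    for sid, arn in find_empty_account_arns(SAMPLE_POLICY):
        print("%s: account ID missing in %s" % (sid, arn))
```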
