Questions tagged with Security, Identity, & Compliance
Hi,
we configured SSO for QuickSight and followed the instructions in this blog:
https://aws.amazon.com/de/blogs/big-data/enable-federation-to-amazon-quicksight-with-automatic-provisioning-of-users-between-aws-iam-identity-center-and-microsoft-azure-ad/
However, in this article every user will be an admin, because https://aws.amazon.com/SAML/Attributes/Role will always be mapped to arn:aws:iam:: <YourAWSAccount ID>:role/QuickSight-Admin-Role - the role does not depend on the user group.

As described in the article, we created 3 IAM roles and Azure AD groups (Admin, Author, Reader). How can we assign IAM roles to the AD group? We already tried using claims in Azure AD, as described here: https://aws.amazon.com/de/blogs/big-data/enabling-amazon-quicksight-federation-with-azure-ad/
Hi team,
in my team, we have our code and pipelines in AWS CodeCommit and CodePipeline.
**Our AWS account doesn't allow creating IAM users or long-lived credentials. Also, outbound connections are blocked in our ASEA AWS account (no internet access).**
We need to integrate with other teams using Azure DevOps (ADO).
In this case, how can we allow deploying to AWS from ADO?
Is there a specific AWS role that allows another cloud vendor to deploy to AWS (ADO --> AWS)?
Thank you!!
I'm setting up a test instance of AWS Identity Center using Azure AD as the external provider. I've set it up using the instructions provided but get a very generic error of "Looks like this code isn't right. Please try again." My Googling hasn't brought up anything specific.
When I test the SSO from Azure, it says that it successfully issued a token. So it is presumably an issue on the AWS side.
Has anyone come across this before?
Hello,
when I try to create a new instance, I get the alert message below.
"This account is currently blocked and not recognized as a valid account. Please contact aws-verification@amazon.com if you have questions."
What is wrong?
And how can I UNBLOCK my account?
I have recently used a 100% AWS associate voucher to book an exam schedule on VUE. However, I would like to cancel this schedule to take back the voucher and apply the voucher to my friend's account. Is this possible? If so, what are the steps I need to follow?
I appreciate your assistance and prompt response on this matter.
I received an email from AWS entitled "Update Root User Email Address for AWS Account". I'm trying to understand what it's actually asking me to do. The complete body of the email is below.
Is it saying that I'm using the same email address for AWS (the cloud platform) and Amazon.com (the store) and that I need to change the email address in AWS to something different?
I find this message *incredibly* difficult to parse.
> You are receiving this message because we have identified that you are currently using the same email address for this AWS account (as listed in the Subject line) and for additional AWS account(s), which are associated with your Amazon.com account. We strongly recommend that you update the root user email address [1] for this AWS account as soon as possible to separate access to your additional AWS account(s) linked to your Amazon.com account. If you do not take any action by April 10, 2023, we will require you to update your email before accessing this AWS account when you sign in next to your account.
>
> After you have changed the root user email address for this account, you will be able to use it to access your account. At that point, we can finish separating your additional AWS account(s) from your Amazon.com account.
>
> The following are your additional AWS account(s) linked to your Amazon.com account:
> 999999999999
>
> After you receive a confirmation email from no-reply@update.signin.aws, you can then sign in with the existing root email address for the additional AWS Account(s) and access new features. This can include enhancing the security of your sign-in experience with other Multi-Factor Authentication (MFA) device types, including hardware security keys [2], and monitoring root user activity through AWS CloudTrail [3].
I've got a use case where I would like to connect to Lex from a client app (desktop app).
I would not like the user to abuse the credentials, and I also want full control over how many AudioInput events can be sent. The documentation for Lex v2 states that we cannot use temporary credentials.
Are there any alternatives?
My organization has a few users who were using AWS before we officially began managing it. Their accounts are using the same domain as us, but we're unable to see which users these are. Is there a way to see these users? What happens to these users' logins when we enable SSO?
I'm not able to grant permission even after adding all the required permissions to the role in AWS Lake Formation.
Hey guys,
Hope you are doing well today!
I have a question regarding AWS Config: I want to deploy the service and download the HIPAA conformance pack.
I would like your guidance on what minimal user permissions I'll need in order to deploy and maintain this service.
Thanks in advance!
I have configured the Grafana workspace using the SAML configuration, and I am able to log in to the Grafana console, but I am not able to see the admin privileges in the console; for example, I can't see the configuration settings option.
I have tried to reach the HIPAA-related AWS documentation under OpenSearch:
http://aws.amazon.com/compliance/services-in-scope/
https://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf
and I receive the following error message:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>91P6TTQ7SSGYPXBE</RequestId>
<HostId>n3jAqjoQVfJPLwRCZiujbueP8JJ5Dh/ptFKtEi1UBsSxFGw7t0SVlxMuD6fJr4vy3KFnDQavEf6UIvLWpCt54w==</HostId>
</Error>
This occurs whether I am logged in or not.
Thanks for your attention