Questions tagged with Security, Identity, & Compliance


I would like to know how a customer could route messages from different devices, e.g. life sciences lab or manufacturing instruments, at the edge using AWS IoT services. The idea is to allow mesh connectivity at the edge, and only some messages will need to be routed to the AWS Cloud for storage or further processing.
1 answer, 0 votes, 37 views
AWS
Ra
asked 13 days ago
Hi, we want to collect some customers' sensitive data in Lex prompts (stored in Lex slots). We don't want to show that in the customer chat widget or the chat transcript on the agent side. We tried to use obfuscate. It is not helping us with this. I would appreciate your feedback on this. Thanks, Selva
1 answer, 0 votes, 33 views
Selva M
asked 13 days ago
I'm using Amazon SES, and I'd like to increase my recipient quota from 50 to 200. The documentation (https://docs.aws.amazon.com/ses/latest/dg/quotas.html) says I need to contact my account manager to request an increase. I opened a support case, and got a message that read in part: "...The channel you have contacted is for Amazon Simple Email Service limit increase requests. Therefore, I cannot provide technical support through this channel" That sounds like exactly the place I should ask for a limit increase, but they directed me here instead. Has anyone successfully gotten a recipient quota increase in SES? If so, how? Thanks All!
2 answers, 0 votes, 27 views
asked 14 days ago
Hello Team, I want to import our internal third-party intelligence feeds into GuardDuty. Is there any manual or automated way to do so? Please let me know if any unconventional solutions are available that I can use in my situation. Thanks in advance!!
1 answer, 0 votes, 21 views
unknown
asked 14 days ago
Do we have any documentation or resources that talk about how AWS has implemented IAM, trust, least privilege, etc.?
3 answers, 0 votes, 32 views
asked 14 days ago
Hi, we were recently hacked and we now have access to our console again. We only use S3, but when logged back in I see that many other things were accessed and that a major part of the charges come from AppStream 2.0. Here is what we can see that was recently viewed. https://www.screencast.com/t/HtGis0sSY. My question is, is there a way for me to remove AppStream 2.0 and any of the other items in the screenshot above to really lock the account down? What should I be looking at to make sure that the hacked account is in proper order and that it is locked down tight? Any help would be greatly appreciated.
2 answers, 0 votes, 39 views
asked 14 days ago
I got an email mentioning the above with the below, looks like my credentials have been compromised and someone changed the details apparently without requiring any confirmation of OTP or otherwise... I submitted via can't login as I cannot login to create a ticket !!... Doesn't seem that this should be so hard to report and get assistance with... Any advice ?? Why doesn't any change require an OTP or confirmation of some sort ? This seems way too easy to be locked out. Greetings from Amazon Web Services, As you requested, the email address associated with your AWS account has been updated. Old email address: xxxxxxxxxxxxxx@xxx.xxx New email address: Txxxxxxx@teleworm.us To view or edit your account settings, please visit the “My Account” page at https://console.aws.amazon.com/billing/home?#/account.
1 answer, 0 votes, 33 views
asked 16 days ago
I know that an access key gives programmatic access to your AWS account and that an access key of a root account gives full access, but is the access key for a created user limited by the permissions that the user has? I understand it's best to create a user with only the permissions needed, and then create an access key for that user. Is that why? This may sound like a basic question but I can't find a confirmation of this. I'm hoping someone can confirm this.
1 answer, 0 votes, 32 views
MJ
asked 17 days ago
I am installing Greengrass V2 on core devices, following the steps in https://docs.aws.amazon.com/greengrass/v2/developerguide/getting-started.html, heading 'Install the AWS IoT Greengrass Core software (CLI)' for Linux. The role alias and IoT Core policy are clear enough - I can see how they are created. The installation script also creates another policy, which seems to be called 'GreengrassTESCertificatePolicy{*nameOfRoleAlias*}'. For example, if I install device 1 with a role alias of 'Foo' and device 2 with a role alias of 'Bar', the installation scripts above will lead to the creation of policies 'GreengrassTESCertificatePolicyFoo' and 'GreengrassTESCertificatePolicyBar', respectively. My questions: - Is there a way to specify the name of that policy in the install script, to allow devices to use that upon install instead of creating another? - Is it possible to add that permission to the standard GreengrassV2IoTThingPolicy, and omit a second policy that serves just one purpose?
1 answer, 0 votes, 18 views
asked 18 days ago
Hi, is there a way to obtain the username of a user that's logging in with Identity Center? I want to implement [this](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-wheretouse) same thing that works fine with regular IAM users. Thanks!
1 answer, 0 votes, 26 views
asked 18 days ago
Hi, I'm an AWS administrator trying to transfer from the old IAM user approach to the new IAM Identity Center approach. In the past, user Bob was attached to user group 'Developers' and then I gave Developers access to 'S3FullAccess'. In the new system, user Bob is attached to group 'Developers' to an account 'Developers' and then attach a permissions set with 'S3FullAccess' to that account. My question is, why is there this abstraction to accounts and why do they need their own **email**? Am I expected to make a *new* email per group of users in AWS? This just seems like a redundancy. My exact business case is that I'm trying to create a group of **admins** (from which there's already the management account we've been using) and then a group of **developers** (which have a different current UserGroup (without a separate email)) with least-privileged access to a few services for an application we're building, and then also a group for our **web developers** that maintain our website through AWS. I'd rather corral them in AWS internally without external email accounts as the old IAM currently does, and I don't understand the usefulness of abstracting them to accounts. **Am I missing something? Is there another way to do this, or is there usefulness I'm not seeing?** To accomplish my current function with IAM Identity Center I need to have a **management account** (the first user), an **application development account** (account A), and a **website development account** (account B), correct?
1 answer, 0 votes, 66 views
asked 18 days ago
Please, I need urgent help. I am a student and AWS won't stop charging me every month. I have filed a report. How do I get my money back??????? AWS keeps charging me for my free tier, how do I get my money back and cancel the subscription????? AWS keeps charging me for my free tier, how do I get my money back and cancel the subscription????? Please connect me to someone asap!!!!!!!!
2 answers, 0 votes, 33 views
asked 19 days ago