Questions tagged with AWS Account Management
Content language: English
Sort by most recent
I have an API which is working with S3. There is an access key which I can't find in the list of IAM users, that key created about 4 years ago. It means I can't delete/disable it. Where I can find all my actual access keys and disable some old keys?
Thank you!
My aws account was hacked today and the person changed my email (that’s how I knew it). I only have the minimum privileges and I want to close this account which no longer serves me anything since I can do nothing about it. I obviously can’t do it myself, what should I do?
I'm having a hard time completing lab 4 for Cloud Technical Essentials. It's for the VPC and the link that I was supposed to choose is wrong. So now I'm not sure how to complete this lab. Any suggestions or guidance would be great because I would like to complete this lab and finish the others.
I have a client who has her email service via register.com and is running out of email space (and we've deleted the emails we can).
She has thousands of work related emails she'd like to save, and go through when she is able; and that way her "inbox" would be empty but she would still have access to all the emails when needed.
She does not want to use Amazon for her emails going forward, just to upload & store older emails.
Is that possible, and how can I find out details as to the cost, process, options, etc.
I tried numerous searches under "email storage" and nothing came up that was relevant.
Thank you,
Tina
I want to enable IAM Identity Center and configure an external IdP for an existing AWS account. This AWS account already has users, created with IAM.
What happens to these users?
I'm especially worried about users used by my application to, for example, access S3 buckets. They have no password but only an access key and secret. Will these users' keys work after the configuration of the external IdP?
Thanks
Hello,
I am aware of AWS Systems Manager templates ServiceNow has. But our team has a review and application process(terraform), hence we do not want to use this.
The usecase I have here: Automate ServiceNow requests (Push from ServiceNow?) to insert request details into an AWS Datastore(Dynamo). We have a post process from here that takes care of rest. The request , could be for resources such as Accounts, config, VPC.
I believe AWS Lambda makes sense for this effort, but I am also looking for a trigger from Service Now.
Please also let me know if there are better alternatives
Thank You.
In most regions the following KMS key policy
```
{
"Sid": "Enable IAM policies",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:root"
},
"Action": "kms:*",
"Resource": "*"
}
```
[allows the account to use IAM policies to allow access to the KMS key, in addition to the key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#key-policy-default-allow-root-enable-iam).
However, [in the Beijing and Ningxia Regions, there is no concept of the "root user" or "account user" credentials](https://docs.amazonaws.cn/en_us/aws/latest/userguide/iam.html#feature-diff). Creating KMS key with such policy (replacing `arn:aws:` with `arn:aws-cn:`) fails. Is it possible to enable IAM policies for KMS keys in Chinese regions? If so, how?
Being in the AWS Activate startup program, we've been allocated free credits. I know how to setup alerts for billing usage, but how can I setup alerts for credit usage?
For example; when credits are 50%-90% depleted I am notified.
Thanks
I ordered the free Yubico Key from AWS and have successfully set it up with the root user account from my computer. The root account also uses a virtual key for someone else in the company to access since they live in a different city. However, in Security Hub -> Security standards -> CIS AWS Foundations Benchmark v1.4.0 the compliance status is still marked as FAILED even though it has been weeks since this has been done. AWS Foundational Security Best Practices v1.0.0 also shows Failed, but shows No Data under CIS AWS Foundations Benchmark v1.2.0. Also show Failed under Findings. Is there something that I am missing to allow the check to be successful?
Looking at the Resource summary page for EC2, I just find out that I have VPCs, subnets and security groups active in various AWS regions. I honestly don't remember how I created them so I wonder if they gets created automatically in some way?
Do I need them? I only have EC2 instances in us-east-1.
Am I going to be charged for them? If so, how can I do some clean-up?
Thanks
Hello folks,
My company is an IT consulting firm that would like to enter the cloud industry and become an AWS partner. We aim to assist small and medium enterprises in migrating their on-premise infrastructure to the cloud and work on backup solutions.
One of my colleague has already managed to register for an AWS partnership account using our company name. However, the AWS partnership support is not helpful to assist us with any questions, and hence, I am trying to seek answers here.
Now that my AWS partnership account is created, I have a new business in assisting my customers with AWS migration, and I need to create a new AWS account. Here is my question: how do I verify that the new AWS account is actually part of the partnership? When I log in to the AWS partnership portal, it only shows one opportunity, and I cannot see anywhere that the new AWS account I created is linked to the partnership account.
Any expert who knows the answer, can you please help me out?
Thank you.
Yesterday we wanted to store my network load balancer access logs in a S3 bucket so by following the [docs](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-access-logs.html) we copied and edited the policy and when we pasted it and saved it, the NLB didn't have permission to use the bucket.
We noticed that the `"aws:SourceAccount": ["0123456789"]` kept getting saved as `"aws:SourceAccount": "0123456789"` even when we updated the policy using the AWS CLI (e.g. `aws s3api put-bucket-policy --bucket my-bucket --policy file://policy.json`)
Is this a bug in the API that is preventing me to use this as we want?
Any help would be greatly appreciated.