Questions tagged with AWS Management Console
Content language: English
Sort by most recent
How to hide IAM users under a root user seeing each other, specially the IAM user who created another IAM user under it
Specifically one issue I have is: 1. I have created a "root account in AWS. 2. Under this root account I have created a master-admin IAM account with full access 3. Logged off root user and logged in back using master-admin user. 4. Created a new IAM account for the new developer. 5. However, when I logged off my master-admin account and logged in as the new developer, I can see and have access to my master-admin account which is not right since the developer "apparently" can modify or delete my master-admin account. The developer IAM SHOULD NOT be able to see other IAM accounts specially the master-admin account. So my question is what have I not done right?
AWS Control Tower failed to set up your landing zone completely: You don't have permissions to access this resource
I have already decommissioned AWS tower from ap-northeast-1 and want to reconfigure AWS tower again on the same region ap-northeast-1 But when I setup landing zone again. I received this error message "AWS Control Tower failed to set up your landing zone completely: You don't have permissions to access this resource" Can someone help me on this issue ? really appreciate as its high priority. -->> Already performed manual decommission process <<--
Update email address used for communications from AWS
Where can I go to change or add another email address used for communications from AWS? For example, AWS periodically sends out deprecation notices to users and I get them at my primary email address. I'd like them to go to another address but can't seem to find where to set this. I tried updating the Alternate Contacts in the Accounts screen (I updated both Operations and Security contacts) but I'm not getting the emails at those addresses. Thanks!
Cannot create CloudFont Distribute
My account does not allow to create CloudFont Distribution. This is error details: "Your account must be verified before you can add new CloudFront resources. To verify your account, please contact AWS Support (https://console.aws.amazon.com/support/home#/) and include this error message.". How can I fix it?
How to monitor traffic. May be life traffic monitoring?
I am developing the webapp and suddenly traffic gets so big. There is no users yet only one frontend and one backend developer and the traffic in two weeks is over 150gb. Is there a way to find out what is taking so much traffic? Is it possible that there is life monitoring system in the AWS that I am not aware of?
Document that AWS backup doesn't always backup files written immediately before taking a backup
I have noticed that AWS backup for EFS is not behaving as I was expecting. There appear to be delays occasionally on the files backed up by AWS backup. Example Scenario: 1. Save fileA.txt to EFS 2. Take a AWS backup immediately afterwards 3. Restore the backup. I find that fileA.txt doesn't exist in the restore but exists in the file system. It appears files saved immediately before taking a backup are not guaranteed to be backed up. Is this the case? If so can this be documented in the AWS docs. If not is this a bug?
Your Request For Accessing AWS Resources Has Been Validated
Hi Team, I have received the below email from aws. [You recently requested an AWS Service that required additional validation. Your request has now been validated for AWS Asia Pacific (Mumbai) region(s). If you are still experiencing difficulty, please contact us at firstname.lastname@example.org <[[mailto:email@example.com]]>.] This is 2 year old aws account. I was using only us-east-1 region. when I tried creating resources in another region, I got the email. I had not requested for any validation. What is the reason I got this mail from aws?
Is there and open source security platform(CIEM/CSPM) which implements or calculates AWS's effective permissions for stating out the permission boundaries of iam identities?
Hi. I wanted to know if there was any opensource security platform which uses the AWS permissions boundary to evaluate the effective permission for a particular identity? Can someone point me out to some documentation for github for such products. Thanks
Cant submit array batch job with with sequential dependency with the management console.
I'm trying to create an array batch job with `SEQUENTIAL` job dependency as described here. https://docs.aws.amazon.com/batch/latest/userguide/submit_job.html But there is no option for that in the UI, I can only create a job dependency with a job id. I know this used to be possible as descriped in the docs. !(/media/postImages/original/IMThxbmDGCRkW5II6X6uRg3Q)
How to support expired password change with an IP restriction (user should be on a VPN)?
We currently have explicit denies policies to prevent our IAM users to do any action unless they are logged into our VPN via an IP address list restriction. The issue is that in the case an user would let his / her password expire, then this user will be forced by AWS to change it at the next login attempt: in that case, the API call to AWS to effectively change the password will be performed from AWS itself on behalf of the user, which of course is not logged on our VPN and therefore does not match the IP address list restriction. The only workaround so far is to create another role lifting this VPN restriction just for this use-case, assigned to users temporarily just to give them the time to change their password. On top of bring overhead, it creates risk if the assignment back to the secure VPN-restricted role is not done. Any hint to a more elegant / better solution? Thanks