I am trying to create a docker on AWS. I have created a an account and now I am stuck on this page:
It asks for account ID and IAM username. I do not know my ID. Where is it?
On AWS docs it says log into your account and go to support center, but the support center login requires this same screen. Please let me know if I am doing something wrong.
Click the Sign-in using root account credentials link on the sign-in page and you will be prompted for an email address and password.
This will login as the Root account, which is all-powerful. In fact, it is so powerful that the recommendation is that you should immediately create a new IAM User, assign it Admin permissions and then never use the Root login again. You can assign Admin permissions by attaching the policy called AdministratorAccess.
While you are in the IAM console, you can create an account alias that you can use when logging in via the screen you have shown. It will also give you a URL you can use to access the correct sign-in page in future.
Related
How to show a custom message page to AWS Kibana users when he logs in first time without any roles assigned
Is there a way i can guide a new user that he doesnt have any roles assigned as of now and he can contact the admin.
Assuming that you are using Cognito for authentication, you can check the documentation to customize the sign-in page.
I want to setup MFA to other IAM users in AWS? Is there a way to do that? I only found that I could force them to authenticate themselves but is there a way for an administrator to setup MFA for other IAM users?
This can be done from the console, but you must be aware that you will need a device to bind it to that the user if they are to be able to login.
To do it you will need to go to the IAM console:
Go to the IAM console
Click the Users menu item.
Click on a User name link
Click the Security credentials tab
Next to the Assigned MFA device label click Manage
You can now sort out the MFA for the user
The administrator would need access to perform this action in IAM.
Just in case you are not aware you can also use the policy on the AWS: Allows MFA-Authenticated IAM Users to Manage Their Own MFA Device on the My Security Credentials Page page to prevent a user from doing anything whilst they do not have an MFA attached.
I dont think so this is possible.
You can enable it for a user but the user needs to go through the steps to establish the MFA.
It defeats the purpose of MFA if a third person has access to it, therefore industry best practice is for a user him/herself to set it up.
MFA details in AWS document link below: https://aws.amazon.com/iam/features/mfa/
We're trying to give a google cloud platform user account permission to change its own permissions and the permissions/roles of service accounts that it creates. Currently, the user account only has the default editor permission for the project it exists on. Essentially, we want to give it every permission that the owner account has except for viewing or modifying billing information. Is this possible?
We have looked at this video but there doesn't exist a role selection dropdown on service accounts anymore. When trying to edit the service account permissions to try and give it the roles/storage.admin permission, I get this notification:
The project owner has also tried to add the storage admin role to the service account, but roles don't show as they do in the video. All that is shown on his screen are these options:
I have two questions:
How can we give my google account permission to mess around with my own roles and permissions as well as the roles for the service accounts?
What is the current process for adding roles to a service account? Neither the docs nor the video from google seem to be up to date.
Your second screenshot shows you attempting to grant roles on the service account (as a resource, i.e. who can access the service account). You're trying to give the service account the storage admin role on the project. To do that, go to the IAM page, click "add" then provide the service account's email address as the member and select the storage admin role.
I'm not certain if this completely answers #1, but Custom Roles (currently in alpha) will give you the ability to create roles with custom sets of permissions. This will allow you to copy the Owner role and remove the billing permissions.
As for #2 - The screenshot shows the policy for the service account, not the project policy. The policy for the service account determines who has permissions to use that service account, not what permissions the service account has. You can find the project policy on the 'IAM & Admin > IAM' tab (instead of the IAM & Admin > Service accounts' tab).
As a new user I have been logging in for a couple of weeks now using my amazon login details. Yesterday I set myself up with a IAM user identity with administrator rights. After that I find I can no longer access my account. So for example trying to access Billing returns "You are currently signed in as an IAM user that does not have permissions to the requested page."
Biggest problem is the IAM login page appears to have hijacked the old login page where I could use my amazon credentials...
What to do?
From the documentation...
"If you want to sign in to the console using your AWS root account credentials instead of IAM user credentials, go to the account sign-in page and then click Sign in using root account credentials. The Amazon Web Services sign-in page appears that you can use to sign in with your AWS root account credentials."
If the link is missing make sure javascript is turned on.
Here is the relevant documentation:
The IAM Console and the Sign-in Page
How Users Sign In to Your Account
The sign-in endpoint follows this pattern:
https://AWS-account-ID-or-alias.signin.aws.amazon.com/console
In the long term it make sense to setup an easy to read account alias, but you will bookmark this page anyway. :D
Is it possible to disable a user account in WSO2 Identity Server 5.0 after a certain period of inactivity? Is there any way to implement this using a REST or SAOP API?
i'm new on WSO2 Identity Server, but I would try this way:
Create a scheduled job.
You can implement it as you want or, for example, you can use WSO2 Task Server features.
The scheduled could call a web service, who implements these steps:
read last login timestamp for each user in IS;
calculate difference from last login timestamp e current timestamp;
populate a list of users to disable;
for each user to disable, call the WSO2 Identity Server Admin Services to "disable operation".
I'don't find the "disable operation" implemented in IS, so i think you could realize a DISABLE status creating a role, called "USER_DISABLED", without login permission or try to remove login permission on the original role of the user.
As I said i'm new on WSO2 IS, but i would try this way.
Sorry for my english.
Bye
Vincenzo F.
You cannot directly disable the user account. what you can do is, you can disable user account by changing the permission of the user in the user group. In order to disable the login account You have to add the particular user to that user group. You can un-check it at the user permission tree.
Find the below steps to change the user permission:
Login to WSO2 IS Management Console.
Click on Configure to access the Configure menu.
From the Configure menu, select Users and Roles.
On the User Management page, click on the Roles link.
Locate the role you want to edit, and click on the Permissions link
associated with it.
On the Permissions of the Role page, deselect permissions assigned
to the role using the check-boxes.
finally click on the Update button to save the alterations.