Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Self-managed policy in iam-group-with-policies does not work for users with path #334

Closed
1 task done
enver opened this issue Jan 31, 2023 · 4 comments · Fixed by #335
Closed
1 task done

Self-managed policy in iam-group-with-policies does not work for users with path #334

enver opened this issue Jan 31, 2023 · 4 comments · Fixed by #335

Comments

@enver
Copy link
Contributor

enver commented Jan 31, 2023

Description

Self-managed policy in iam-group-with-policies does not work for users with path since 5.11.0. Changes introduced removed support for users with path.

  • ✋ I have searched the open/closed issues and my issue is not listed.

Versions

  • Module version [Required]: v5.11.0+

  • Terraform version:
    Terraform v1.3.7
    on darwin_amd64

  • Provider version(s):
    provider registry.terraform.io/hashicorp/aws v4.52.0

Reproduction Code [Required]

examples/iam-group-with-policies

Steps to reproduce the behavior:

  • After applying the example update path for one of the users to i.e. /developers/
  • Remove user from superadmins group
  • NOTE: to workaround issue MFA enforced for groups with policies since 5.11.0 #332 remove DenyAllExceptListedIfNoMFA statement from self managed policies.
  • Enable console access
  • Login with modified user account
  • Try to execute one of the statements from self managed policy. i.e. create IAM access keys

Expected behavior

Users with path should be able to perform actions granted in self manage policy.

Actual behavior

An error is returned: You do not have the permission required to perform this operation. Ask your administrator to add permissions.

Terminal Output Screenshot(s)

Additional context

Introduced in PR #313
@enver enver mentioned this issue Jan 31, 2023
Merged
3 tasks
@github-actions
Copy link

github-actions bot commented Mar 3, 2023

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label Mar 3, 2023
@AGirin
Copy link

AGirin commented Mar 8, 2023
edited
Loading

We are getting the same issue with S3 buckets now. Removing self-managed policy make it all work...

An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

@github-actions github-actions bot removed the stale label Mar 9, 2023
@antonbabenko
Copy link
Member

This issue has been resolved in version 5.14.1 🎉

@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Update self manage policy to support users with path
3 participants
@enver @antonbabenko @AGirin