access issue in uploading SSL file in amazon EC2 server

Tags: ssl, amazon-ec2

I am using this command to upload an SSL file.

aws iam upload-server-certificate --server-certificate-name CertificateName --certificate-body file://public_key_certificate_file --private-key  file://privatekey.pem

I also placed a config file at ~/.aws/config, and the values are:

[default]
aws_access_key_id = with my own key
aws_secret_access_key = with my own key
region = ********

but it is giving me this error:

A client error (AccessDenied) occurred: User: arn:aws:iam::419351825566:user/** is not authorized to perform: iam:UploadServerCertificate on resource: arn:aws:iam::419351825566:server-certificate/**.crt

Am I not writing the AWS credentials properly? Or do I have no access? I am also not sure if I am writing the region right.

asked Oct 28 '13 19:10

wajeeh hassan



1 Answer

As of Nov 2015, having an IAM user with a policy of 'IAMFullAccess' will make this work. You can create a new user to have that sole policy, or you can use an existing user and just add the policy.

Note: After uploading the SSL file, you can remove the IAMFullAccess policy if you'd like to tighten down permissions/security again.

New user workflow:

  1. In the jumbo Services menu in AWS, go to IAM
  2. In left sidebar, click on Users
  3. Click blue "Create New Users" button
  4. Type in a name for the user, e.g. "ssl-uploader", and create user
  5. Make note of the keys that AWS gives you. You can't retrieve these later (you'd have to go back to step 1 and create a different user).
  6. Assign the IAMFullAccess policy to the new user
  7. In command line, do aws configure and answer the questions:
    • AWS Access Key ID: - access key from step 5
    • AWS Secret Access Key: - secret key from step 5
    • Default region name: - didn't matter in my case, accepted default None
    • Default output format: - didn't matter in my case, accepted default None
  8. Run command as mentioned in the question, and it should work. You may want to take note of the JSON it returns in case you need it later.
answered Sep 28 '22 23:09

jmq
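
A narrower alternative to attaching IAMFullAccess, as an added example that is not part of the original answer: the script below parses an AccessDenied message of the form quoted in the question and emits a policy that allows only the denied action on the denied resource. The sample message, the account ID 111122223333, the user name and the `Sid` are constructed for illustration.

```python
import json
import re

# Shape of the CLI's AccessDenied text as quoted in the question.
DENIED_RE = re.compile(
    r"User: (?P<principal>arn:aws:iam::(?P<account>\d{12}):user/(?P<user>\S+)) "
    r"is not authorized to perform: (?P<action>[\w-]+:\w+) "
    r"on resource: (?P<resource>arn:aws:\S+)"
)

def parse_access_denied(message):
    """Extract principal, account, user, action and resource from the error."""
    m = DENIED_RE.search(message)
    if m is None:
        raise ValueError("not an AccessDenied message in the expected form")
    return m.groupdict()

def least_privilege_policy(denied):
    """Build a policy granting exactly the one call that was denied."""
    # A redacted or wildcarded ARN would widen the grant, so refuse it.
    if "*" in denied["resource"] or "*" in denied["action"]:
        raise ValueError("refusing to emit a wildcard grant")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOnlyTheDeniedCall",  # hypothetical statement id
            "Effect": "Allow",
            "Action": denied["action"],
            "Resource": denied["resource"],
        }],
    }

# Constructed sample; account ID, user and certificate name are placeholders.
SAMPLE = (
    "A client error (AccessDenied) occurred: User: "
    "arn:aws:iam::111122223333:user/ssl-uploader is not authorized to "
    "perform: iam:UploadServerCertificate on resource: "
    "arn:aws:iam::111122223333:server-certificate/CertificateName"
)

if __name__ == "__main__":
    denied = parse_access_denied(SAMPLE)
    print(json.dumps(least_privilege_policy(denied), indent=2))
```

A principal that is already allowed to manage IAM policies can attach the printed JSON to the uploading user, for example with `aws iam put-user-policy --policy-document file://policy.json`.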