
Is it possible to generate an AWS access key via IAM for use with the Product Advertising API?

I like using IAM (Identity and Access Management) to create users/groups with specific permissions for specific purposes.

The Product Advertising API requires use of an access key (request param is AWSAccessKeyId) and IAM can generate access keys, but I don't see a way to give IAM users/groups access to only the Product Advertising API.

Anyone know if this can be done? Or do you know of a workaround?

Adam Monsen asked Mar 13 '12 17:03


People also ask

Can IAM user create access key?

Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/. In the navigation pane, choose Users. Choose the name of the intended user, and then choose the Security credentials tab. Choose Create access key and then choose Download.

What are two AWS best practices for managing access keys?

Don't pass access keys to the application, embed them in the application, or let the application read access keys from any source. Instead, define an IAM role that has appropriate permissions for your application and launch the Amazon Elastic Compute Cloud (Amazon EC2) instance with roles for EC2.


1 Answer

Update

Reading the mentioned thread IAM policies for Amazon Product API entirely reveals that the questioner actually tried to do just that, i.e. use IAM access keys to access the Product Advertising API, but apparently to no avail. So I'm afraid the mentioned AWS team response has to be taken literally and your use case is not covered yet by IAM, unfortunately.


Initial Answer

AWS Identity and Access Management (IAM) doesn't currently support the Product Advertising API (see the AWS team response to IAM policies for Amazon Product API), but assuming the IAM access keys as such do work there as well, you could deny your users/groups access to every other AWS service supporting IAM by means of a respective IAM policy at least (which should cover the majority of critical ones). The recommended AWS Policy Generator can help in crafting a respective policy, which might actually be as simple as this (I just selected Effect -> Deny and checked the AWS Service -> All Services checkbox):

{
  "Statement": [
    {
      "Sid": "Stmt1331670627168",
      "Action": "*",
      "Effect": "Deny",
      "Resource": "*"
    }
  ]
}

Steffen Opel answered Sep 20 '22 10:09
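
A simplified model of IAM identity-policy evaluation, added here as an example and not part of the original answer or any AWS code. It shows why the explicit deny-all policy above still holds if the user later inherits an Allow from a group. The function names and the group policy are constructed, and `fnmatch` only approximates IAM wildcard matching.

```python
from fnmatch import fnmatchcase

# The deny-all policy from the answer above.
DENY_ALL = {"Statement": [{"Sid": "Stmt1331670627168", "Action": "*",
                           "Effect": "Deny", "Resource": "*"}]}

# Constructed sample: an Allow the user might later inherit from a group.
GROUP_S3_READ = {"Statement": [{"Action": ["s3:Get*", "s3:List*"],
                                "Effect": "Allow", "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(stmt, action, resource):
    # Action names are case-insensitive in IAM; resource ARNs are not.
    action_hit = any(fnmatchcase(action.lower(), p.lower())
                     for p in _as_list(stmt["Action"]))
    resource_hit = any(fnmatchcase(resource, p)
                       for p in _as_list(stmt["Resource"]))
    return action_hit and resource_hit


def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # any matching Deny wins outright
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    req = ("s3:GetObject", "arn:aws:s3:::example-bucket/report.csv")
    cases = [("no policies", []),
             ("group allow only", [GROUP_S3_READ]),
             ("group allow + deny-all", [GROUP_S3_READ, DENY_ALL])]
    for label, attached in cases:
        print(f"{label:24} -> {evaluate(attached, *req)}")
```

A user with no policies is already implicitly denied; the explicit Deny matters once an Allow is attached elsewhere. This only models services that IAM evaluates, which per the answer does not include the Product Advertising API.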