1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
1
Hello.
In my environment, I was able to perform AssumeRole with the following trust policy.
My IAM Identity Center uses Tokyo as the region.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::$ACCOUNT_ID:role/aws-reserved/sso.amazonaws.com/ap-northeast-1/AWSReservedSSO_AWSAdministratorAccess_xxxxxxx"
},
"Action": "sts:AssumeRole"
}
]
}
What region are you using with IAM Identity Center?
According to the AWS blog below, it seems that there is no need for a region code in the case of us-east-1.
https://aws.amazon.com/jp/blogs/containers/a-quick-path-to-amazon-eks-single-sign-on-using-aws-sso/
Note: If you configure SSO in a Region other than us-east-1, add the Region after “sso.amazonaws.com”. For example, for us-east-2, “…/sso.amazonaws.com/us-east-2/…”.
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 3 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr
Wow. Excellent find. I am indeed in us-east-1. Strange that it's inconsistent across regions. Thank you!!