3 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
2
Hi, look at section aws:PrincipalArn of https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
It seems that your arn string is incorrect: 'sts' not needed.
The example of the doc is given below
IAM role – The request context contains the following value for condition key aws:PrincipalArn.
Do not specify the assumed role session ARN as a value for this condition key.
For more information about the assumed role session principal, see Role session principals.
arn:aws:iam::123456789012:role/role-name
0
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-sessions "Principal": { "AWS": "arn:aws:sts::AWS-account-ID:assumed-role/role-name/role-session-name" }
con risposta 7 mesi fa
0
HI Have you fixed it ? I have the same issue and tried booth solutions shown above but not ways "Principal": { "AWS": "arn:aws:sts::AWS-account-ID:assumed-role/role-name/role-session-name" } arn:aws:iam::123456789012:role/role-name
Regards Sofiane
con risposta un mese fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
I missed that. This answers my question why it doesn't work. However, I want to use the assumed-role arn to narrow down access to a specific user in the group, so just role arn won't do. Do you know of any other way I could narrow it down to a specific SSO user?