How do I provide IAM users with a link to assume an IAM role?

I want to provide AWS Identity and Access Management (IAM) users with links to an IAM role.

Resolution

To get the link to the IAM role that you want the IAM user to assume, complete the following steps:

  1. Either use an existing IAM user, or create an IAM user in your AWS account. Then, create an IAM role.
  2. Choose the role name. In the Summary section, under Link to switch roles in console, note the link. The link looks similar to https://signin.aws.amazon.com/switchrole?roleName=YOURROLE&account=123456789012.
  3. Grant the IAM user permissions to switch roles.
  4. Provide the link to the IAM user.
  5. Direct the IAM user to follow the instructions at Switch from a user to an IAM role (console). If the IAM user experiences issues, then direct them to I can't assume a role.

Or, you can create a shortcut link in the AWS access portal. The link allows AWS IAM Identity Center users to log in to your account with a specific permission set in the target account.
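
For steps 2 and 3 of the procedure above, the following added example (not part of the AWS article) builds the switch-role link in the format shown and generates a least-privilege identity policy for the user plus a matching trust policy for the role. Assumptions: the standard `aws` partition, a role without a path, and an MFA condition in the trust policy that the article does not require; the function names and `example-user` are hypothetical.

```python
import json
import re
from urllib.parse import urlencode

ACCOUNT_ID = re.compile(r"[0-9]{12}")
IAM_NAME = re.compile(r"[A-Za-z0-9_+=,.@-]{1,64}")  # characters IAM allows in names


def _check(account_id, name):
    if not ACCOUNT_ID.fullmatch(account_id):
        raise ValueError("account ID must be exactly 12 digits")
    if not IAM_NAME.fullmatch(name):
        raise ValueError("invalid IAM name: %r" % name)


def switch_role_link(account_id, role_name):
    """Console link in the format shown in step 2, with the role name URL-encoded."""
    _check(account_id, role_name)
    query = urlencode({"roleName": role_name, "account": account_id})
    return "https://signin.aws.amazon.com/switchrole?" + query


def user_policy(account_id, role_name):
    """Identity policy for step 3: the user may assume this one role only."""
    _check(account_id, role_name)
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "arn:aws:iam::%s:role/%s" % (account_id, role_name),
    }]}


def role_trust_policy(user_account_id, user_name):
    """Trust policy on the role: one named user, MFA required (added assumption)."""
    _check(user_account_id, user_name)
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::%s:user/%s" % (user_account_id, user_name)},
        "Action": "sts:AssumeRole",
        "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
    }]}


if __name__ == "__main__":
    # Constructed sample values: the page's placeholder role and account, a made-up user.
    print(switch_role_link("123456789012", "YOURROLE"))
    print(json.dumps(user_policy("123456789012", "YOURROLE"), indent=2))
    print(json.dumps(role_trust_policy("123456789012", "example-user"), indent=2))
```

Scoping `Resource` to the single role ARN and `Principal` to the single user keeps the link from becoming a path to any other role in the account.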

2 Comments

Can we utilize the new identity center "AWS access portal" feature "Create shortcut" that will log someone in to an account with a specific permission set and ALSO switch role to the target account? This would be a very helpful feature to add to our support pages/runbooks for our L1/L2/SRE team that need access to our 100+ accounts where we have restricted the role switching to a single start account and permission set.

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied a year ago