Access Denied after successful AssumeRole

Question

Good Day All,

I am trying to run commands after assumerole using cli and getting the following error:
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

**aws sts assume-role --role-arn "arn:aws:iam:::role/read-write-app-bucket-role" --role-session-name "sessionname"**
This runs successfully but when i do the following i get error :
command :  **aws s3 ls**

Note :
1. I am able to assume the role successfully using AWS STS and getting temp credentials
2. Also the role has full S3 access.
3. Both role and resource are in same account

Tried running "aws s3 ls --profile default" but still having the issue
Tried assigning the same role directly to the user and the command works fine.

Answer

Hi, I suggest you to check the identity under which run the s3 ls via `aws sts get-caller-identity`. 
Sometimes your run CLI commands under under another identity than the one you believe due to env vars, default profile, etc.

It happens to me sometimes...

Best,

Didier

Answer

Hi
The command `assume-role` output the temporary credentials. You must use these credentials when making your `aws s3 ls` call.
[Please see this guide.](https://repost.aws/knowledge-center/iam-assume-role-cli) Hope it helps.

Access Denied after successful AssumeRole

관련 콘텐츠