Hello,
Here is an article explaining how you can allow an IAM user to assume a role in your AWS account: https://repost.aws/knowledge-center/iam-assume-role-cli
In order for an IAM user (arn:aws:iam::667.....831:user/myIamUserName) to assume the role (arn:aws:iam::888...380:role/cli), you must update the trust relationship policy of the role. This will enable the IAM user to assume a role.
    {
      "Version": "2012-10-17",
      "Statement": {
        "Effect": "Allow",
        "Principal": {
          "AWS": "arn:aws:iam::667.....831:user/myIamUserName"
        },
        "Action": "sts:AssumeRole"
      }
    }
This policy allows ALL actions on EVERY and EACH resource.
Allows actions in your account only.
The error message "User: arn:aws:iam::667.....831:user/myIamUserName is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::888...380:role/cli" shows that the user in account 667.....831 is trying to assume a role in account 888...380.
The steps to follow, in both accounts, are in https://repost.aws/knowledge-center/cross-account-access-iam
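Added example (not part of the answers above, and not AWS's own evaluation logic): a simplified Python check that reports which side of an AssumeRole call still lacks an Allow, the role's trust policy or the user's identity policy. The account IDs `111111111111` and `222222222222`, the function names and the sample policies are constructed for illustration; Deny statements, conditions, SCPs and permission boundaries are not modelled.

```python
import fnmatch
# Simplified: Allow statements only; no Deny, Condition, NotAction, SCPs or boundaries.

def account_of(arn):
    return arn.split(":")[4]          # arn:aws:iam::<account-id>:...
def as_list(value):
    return value if isinstance(value, list) else [value]
def matches(patterns, value):
    return any(fnmatch.fnmatchcase(value, p) for p in as_list(patterns))

def trust_match(trust_policy, caller_arn):
    """'user' if the caller ARN is named, 'account' if only its account is, else None."""
    acct, found = account_of(caller_arn), None
    for st in as_list(trust_policy["Statement"]):
        if st.get("Effect") != "Allow" or not matches(st.get("Action", []), "sts:AssumeRole"):
            continue
        principal = st.get("Principal", {})
        names = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if caller_arn in names:
            return "user"
        if acct in names or f"arn:aws:iam::{acct}:root" in names:
            found = "account"
    return found

def identity_allows(identity_policies, role_arn):
    return any(st.get("Effect") == "Allow"
               and matches(st.get("Action", []), "sts:AssumeRole")
               and matches(st.get("Resource", []), role_arn)
               for policy in identity_policies for st in as_list(policy["Statement"]))

def diagnose(caller_arn, role_arn, trust_policy, identity_policies):
    """Return (cross_account, [policies still missing an Allow])."""
    cross = account_of(caller_arn) != account_of(role_arn)
    how = trust_match(trust_policy, caller_arn)
    missing = [] if how else ["role trust policy"]
    # Cross-account, or a trust policy naming only the account, also needs the user side.
    if (cross or how != "user") and not identity_allows(identity_policies, role_arn):
        missing.append("user identity policy")
    return cross, missing

# Constructed sample values (placeholder account IDs, not the ones in the thread)
USER = "arn:aws:iam::111111111111:user/myIamUserName"
ROLE = "arn:aws:iam::222222222222:role/cli"
TRUST = {"Version": "2012-10-17", "Statement": {"Effect": "Allow",
         "Principal": {"AWS": USER}, "Action": "sts:AssumeRole"}}
USER_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
               "Action": "sts:AssumeRole", "Resource": ROLE}]}

if __name__ == "__main__":
    for policies in ([], [USER_POLICY]):
        print(diagnose(USER, ROLE, TRUST, policies))
```

With only the trust policy in place the cross-account call is reported as missing the user-side policy; an allow-all identity policy without a matching trust policy is reported as missing the role side.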