3 個答案
- 最新
- 最多得票
- 最多評論
2
Hi, look at section aws:PrincipalArn of https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
It seems that your arn string is incorrect: 'sts' not needed.
The example of the doc is given below
IAM role – The request context contains the following value for condition key aws:PrincipalArn.
Do not specify the assumed role session ARN as a value for this condition key.
For more information about the assumed role session principal, see Role session principals.
arn:aws:iam::123456789012:role/role-name
0
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-sessions "Principal": { "AWS": "arn:aws:sts::AWS-account-ID:assumed-role/role-name/role-session-name" }
已回答 8 個月前
0
HI Have you fixed it ? I have the same issue and tried booth solutions shown above but not ways "Principal": { "AWS": "arn:aws:sts::AWS-account-ID:assumed-role/role-name/role-session-name" } arn:aws:iam::123456789012:role/role-name
Regards Sofiane
已回答 1 個月前
相關內容
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
I missed that. This answers my question why it doesn't work. However, I want to use the assumed-role arn to narrow down access to a specific user in the group, so just role arn won't do. Do you know of any other way I could narrow it down to a specific SSO user?