Aref Karimi

Reputation: 1890

AWS: STS Assume Role not working for user

I have created an AWS Policy with the below definition. I have assigned this to an IAM User so the user can get temporary access. However, the user gets this error: "User xxxx is not authorized to perform: sts:AssumeRole on ...".

The AWS documentation says this is the only policy that is required.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "*"
        }
    ]
}

Upvotes: 0

Views: 939

Answers (1)

Arun Kamalanathan

Reputation: 8603

In addition to the IAM policy that allows the user to assume a role, you also need to add a Trust Policy to the role. The trust policy tells who can assume the role. I think you are missing the trust policy.

Hope this helps.

Reference: Assume an IAM Role Using the AWS CLI

Upvotes: 2
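The trust-policy side of the check described in the answer, as an added example that is not part of the original question or answer and is not AWS code: it takes a role's trust policy (the `AssumeRolePolicyDocument` returned by `aws iam get-role`) and reports whether it names a given caller. The account ID `111122223333`, the user name `example-user` and the function names are assumptions made for illustration.

```python
# Constructed sample: trust policy of a hypothetical role, in the shape found
# under Role.AssumeRolePolicyDocument in `aws iam get-role` output.
# The account ID and user name are placeholders.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:user/example-user"},
        "Action": "sts:AssumeRole",
    }],
}


def as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_matches(principal, caller_arn):
    """True if an AWS principal entry names the caller or the caller's account."""
    account = caller_arn.split(":")[4]
    return principal in (caller_arn, account, f"arn:aws:iam::{account}:root")


def trust_policy_allows(policy, caller_arn):
    """True if some Allow statement for sts:AssumeRole names the caller."""
    # Simplified: ignores Condition blocks, explicit Deny, NotPrincipal and
    # wildcard principals or actions.
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if any(principal_matches(p, caller_arn) for p in aws):
            return True
    return False


if __name__ == "__main__":
    caller = "arn:aws:iam::111122223333:user/example-user"
    print(trust_policy_allows(TRUST_POLICY, caller))
```

A role whose trust policy lists only a `Service` principal, or a different user, returns `False` here no matter what identity policy is attached to the caller.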
