Reputation: 3715
I have the below IAM policy defined. I am not sure what the below policy signifies. Is the principal pointing to the root user, or to the root account and any authenticated user associated with the root account?
Before raising this question, I have referred to this Link.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<account-id>:root"
            },
            "Action": "sts:AssumeRole",
            "Condition": {}
        }
    ]
}
Upvotes: 1
Views: 166
Reputation: 270104
It looks like a Trust Policy that is attached to an IAM Role.
It is saying that IAM Users in <account-id> can assume the IAM Role as long as they have been granted sufficient permission to call AssumeRole().
The reference to root is saying that it trusts whatever policies exist in that particular account. So, if an IAM User in that account has been granted permission to call AssumeRole(), then the policy will allow it. It's a way of saying "trust whatever that account says".
Upvotes: 1
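The two-sided check the answer describes, as an added illustration that is not part of the question or answer: a `:root` principal in the trust policy matches any IAM principal in that account, but the caller still needs its own identity-based policy allowing sts:AssumeRole on the role. The account id, role name and caller ARNs are constructed placeholders; the evaluator is a deliberate simplification that ignores Deny statements and Condition blocks.

```python
import re

# Constructed sample values (placeholders, not from the original post).
ACCOUNT = "111122223333"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/DeployRole"

# Trust policy attached to the role, shaped like the one in the question.
TRUST_POLICY_ROOT = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {},
    }],
}

# Identity-based policies attached to the caller (constructed examples).
ALLOW_ASSUME = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                               "Resource": ROLE_ARN}]}
NO_ASSUME = {"Statement": []}


def account_of(arn):
    """Account id is the 5th colon-separated field of an IAM ARN."""
    return arn.split(":")[4]


def trust_policy_trusts(trust_policy, caller_arn):
    """A ':root' principal trusts every IAM user/role in that account."""
    for st in trust_policy["Statement"]:
        if st["Effect"] != "Allow" or st["Action"] != "sts:AssumeRole":
            continue
        m = re.fullmatch(r"arn:aws:iam::(\d{12}):root", st["Principal"]["AWS"])
        if m and account_of(caller_arn) == m.group(1):
            return True
    return False


def identity_allows(policy, action, resource):
    """Caller's own policy must grant the action on the role ARN (or '*')."""
    for st in policy["Statement"]:
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if st["Effect"] == "Allow" and action in acts and st["Resource"] in (resource, "*"):
            return True
    return False


def can_assume(trust_policy, caller_arn, caller_policy, role_arn):
    """Same-account AssumeRole via ':root' succeeds only when BOTH sides allow it."""
    return (trust_policy_trusts(trust_policy, caller_arn)
            and identity_allows(caller_policy, "sts:AssumeRole", role_arn))
```

Running the three cases shows why "trust whatever that account says" still depends on the account's own identity policies: a same-account user without sts:AssumeRole is refused, and a user from another account is refused regardless of its own policy.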