AWS AssumeRole authorization not working

忘了有多久 2020-12-29 05:36

I am attempting to call the AssumeRole function using AWS STS in my PHP program since I want to create temporary credentials to allow a user to create an object for an AWS b

3 answers
天命终不由人
2020-12-29 05:43

    You also need to edit the Trust relationship for the role to allow the account (even if it's the same) to assume the role.

    1. open the role that you want to assume in the console
    2. click on the "Trust Relationships" tab
    3. click on "Edit Relationship"
    4. add a statement for the account that you want to add (usually you'll only have the ec2 service in the "Trusted Entities"), e.g.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        },
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::123456789012:role/some-role"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
    

    In this example I had to add the "AWS" principal with the proper account number, the ec2.amazonaws.com Service was already there.

    After I'd done that I was able to assume the role without issue. Took me literally hours to figure this out, hope that will help someone.
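As an added example (not code from the question or the answer above), a small Python checker that evaluates a trust policy of the shape shown for a given caller ARN, including the account-root form and explicit Deny statements. It is a simplified evaluator: Condition blocks are ignored, and it does not check the caller's own identity policy, which must also grant sts:AssumeRole on the role ARN for the call to succeed.

```python
import fnmatch
import json
import re

# Constructed trust policy with the same shape as the one in the answer above.
TRUST_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/some-role"},
     "Action": "sts:AssumeRole"},
]})

def _as_list(value):
    # Most IAM fields accept either a string or a list; normalise to a list.
    return value if isinstance(value, list) else [value]

def _account_of(arn):
    m = re.match(r"arn:aws:iam::(\d{12}):", arn)
    return m.group(1) if m else None

def _principal_matches(principal, caller_arn):
    # Simplified matching: '*', exact IAM ARNs, and the account-wide forms
    # ('arn:aws:iam::ACCOUNT:root' or a bare account ID) that trust every IAM
    # principal in that account. Service principals never match an IAM ARN.
    if principal == "*":
        return True
    for entry in _as_list(principal.get("AWS", [])):
        if entry in ("*", caller_arn):
            return True
        if entry.endswith(":root") and _account_of(entry) == _account_of(caller_arn):
            return True
        if re.fullmatch(r"\d{12}", entry) and entry == _account_of(caller_arn):
            return True
    return False

def can_assume(trust_policy_json, caller_arn):
    # Any matching Deny wins; otherwise at least one matching Allow is needed.
    # Conditions are not evaluated, so True means 'not blocked by this policy'.
    allowed = False
    for stmt in _as_list(json.loads(trust_policy_json)["Statement"]):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        if not _principal_matches(stmt["Principal"], caller_arn):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```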
