I need to assume a temp role in a secondary account from a primary account. For the primary account I already have a role which has an assume role policy for the temp role in the secondary account. But when I am executing the command
aws sts assume-role --role-arn ${primaryRoleArn} --role-session-name ${awsProfile}
I am getting this error
An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::xxxxxxx:user/primary is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::secondaryAccount:role/secondary_role
What am I doing wrong?
Your credentials in your ~/.aws/credentials file must be explicitly allowed to assume this role. So in the primary role's trust policy, you must add your username to the allowed principals.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::${AccountId}:user/${AwsUserName}"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
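As an added example (not part of the answer above), the following Python checks whether a role trust policy actually names a given caller before you hit the AccessDenied shown in the question. The account ids, user names and policies are constructed for illustration; the evaluation is a simplified model of IAM trust-policy matching (explicit "AWS" principals, account-root delegation, Allow/Deny) and ignores Condition blocks.

```python
import json

# Constructed sample trust policy: only the IAM user "primary" in account 111111111111
# (assumed values, not the poster's real account) is trusted to assume the role.
USER_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111111111111:user/primary"},
            "Action": "sts:AssumeRole",
        }
    ],
})

# Constructed sample trust policy that trusts the whole primary account (root principal)
# but explicitly denies one user. With a root principal, the caller additionally needs
# sts:AssumeRole in its own identity policy; that side is not modelled here.
ROOT_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
            "Action": "sts:AssumeRole",
        },
        {
            "Effect": "Deny",
            "Principal": {"AWS": "arn:aws:iam::111111111111:user/blocked"},
            "Action": "sts:AssumeRole",
        },
    ],
})


def _as_list(value):
    """IAM allows most policy fields to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Return the list of AWS principal identifiers named by a statement."""
    principal = stmt.get("Principal")
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        return _as_list(principal.get("AWS"))
    return []


def trust_policy_allows(policy_json, caller_arn, action="sts:AssumeRole"):
    """Return True if the trust policy lets caller_arn perform action.

    Simplified IAM semantics: an explicit Deny wins, otherwise any matching Allow
    grants access. A principal matches when it is the caller ARN, the caller's
    account root (ARN or bare account id), or the "*" wildcard. Conditions are ignored.
    """
    policy = json.loads(policy_json)
    account_id = caller_arn.split(":")[4]
    root_forms = {f"arn:aws:iam::{account_id}:root", account_id}
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        actions = _as_list(stmt.get("Action"))
        if not any(a in (action, "sts:*", "*") for a in actions):
            continue
        principals = _principals(stmt)
        matched = (
            caller_arn in principals
            or "*" in principals
            or any(p in root_forms for p in principals)
        )
        if not matched:
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


if __name__ == "__main__":
    for arn in ("arn:aws:iam::111111111111:user/primary",
                "arn:aws:iam::111111111111:user/other"):
        print(arn, "->", trust_policy_allows(USER_TRUST_POLICY, arn))
```

Run it against the trust policy you copy from the role in the secondary account (aws iam get-role prints it under AssumeRolePolicyDocument) and the ARN from the AccessDenied message; a False result means the trust policy is the missing piece, a True result means the problem is on the caller's own identity policy or a Condition the model ignores.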