how to allow IAM role to assume another IAM role, via cloudformation?
Question
adding an IAM role via cloudformation, where I want to add a trust policy such that, another IAM role (arn:aws:iam::123456789:role/otherrole) from another aws account can assume my role. but I get an error "Has prohibited field resource ( service: AmazonIdentityManagement; status Code: 400.....
AWSTemplateFormatVersion: "2010-09-09"
Resources:
SomeRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Resource: arn:aws:iam::123456789:role/otherrole
Action:
- 'sts:AssumeRole'
Path: /
Policies:
...
1 answers
solution1
0 2022-01-06 22:47:37
AssumeRolePolicyDocument do not have Resource . It should be Principal :
AWSTemplateFormatVersion: "2010-09-09"
Resources:
SomeRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
AWS: arn:aws:iam::123456789:role/otherrole
Action:
- 'sts:AssumeRole'
Path: /
Policies:
...
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How can an IAM role assume another IAM role to access an resource
How to assume iam role in makefile
Allow user to assume an IAM role with SSO login
Allow lambda to assume role of an IAM Role that was created from identity pool?
CloudFormation IAM Role — AssumeRolePolicyDocument
IAM Role via CloudFormation Error in Principle
how to make local machine to assume IAM role
aws iam- can a role assume a role and that role assume another role?
Terraform using IAM role assume
FirehoseDestination - Could not assume IAM role
Related Tags