
Correct way to write multiple Principal AWS in AWS IAM Role TrustEntity Relation

I am new to AWS IAM Roles.

Here the scenario is: I have an IAM Role (DDBReadRole) for DynamoDB read access (in Account P, let's say). And we have 2 Lambda execution roles, L1 and L2, in Account B and Account C respectively. Now these 2 Lambda execution roles need to be added to the DDBReadRole access Trust Entities relation.

For this I am writing:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::<AccountBId>:role/<AccountBRole>",
                    "arn:aws:iam::<AccountCId>:role/<AccountCRole>"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

I got another option:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<AccountBId>:role/<AccountBRole>"
            },
            "Action": "sts:AssumeRole"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<AccountCId>:role/<AccountCRole>"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Can someone please help me with which is the correct way to add 2 AWS Principals in trust entities!!

Both are correct, and you can use either of them. But the first form is usually used, because it's shorter.
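The equivalence stated in the answer can be checked mechanically. The following is an added example, not code from the original post or from AWS: it flattens each trust policy into a set of individual grants and compares the sets. The function names are hypothetical, the ARNs are the question's placeholders, and only statements using `Principal` and `Action` (not their negated forms) are assumed.

```python
import json

# Placeholders copied from the question; substitute real account IDs and role names.
ROLE_B = "arn:aws:iam::<AccountBId>:role/<AccountBRole>"
ROLE_C = "arn:aws:iam::<AccountCId>:role/<AccountCRole>"

# Form 1: one statement, list of principals.
LIST_FORM = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": [ROLE_B, ROLE_C]}, "Action": "sts:AssumeRole"},
]}
# Form 2: one statement per principal.
SPLIT_FORM = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE_B}, "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": {"AWS": ROLE_C}, "Action": "sts:AssumeRole"},
]}

def as_list(value):
    """IAM accepts either a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value)

def expand_trust_policy(policy):
    """Flatten a trust policy into a set of (effect, type, principal, action, condition) grants."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a lone statement object is also valid
        statements = [statements]
    grants = set()
    for stmt in statements:
        if "NotPrincipal" in stmt or "NotAction" in stmt:
            raise ValueError("negated elements are outside the scope of this check")
        principal = stmt["Principal"]
        if principal == "*":  # bare wildcard principal, kept as its own type
            principal = {"*": "*"}
        # Canonical JSON keeps statements that differ only in Condition distinct.
        condition = json.dumps(stmt.get("Condition", {}), sort_keys=True)
        for ptype, values in principal.items():
            for value in as_list(values):
                for action in as_list(stmt["Action"]):
                    grants.add((stmt["Effect"], ptype, value, action, condition))
    return grants

def same_trust(a, b):
    """True when both documents trust the same principals for the same actions."""
    return expand_trust_policy(a) == expand_trust_policy(b)

if __name__ == "__main__":
    print("equivalent:", same_trust(LIST_FORM, SPLIT_FORM))
    for grant in sorted(expand_trust_policy(LIST_FORM)):
        print(grant)
```

The same comparison is useful in review: if a change to a trust policy is meant to be a pure refactor, the expanded grant sets before and after should be identical.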
