CloudFormation IAM Role -- AssumeRolePolicyDocument

About

Asked 31/1, 2017 at 15:55 Answered 31/1, 2017 at 16:19

Solved amazon-web-services aws-cloudformation amazon-iam amazon-policy

So I'm constructing a cf stack for a role in AWS and I don't know how to go about the AssumeRolePolicyDocument field when designing a role that is not resource-based.

All the examples I've tried to look up each have a specific AWS resource designated under the "Principal" field (e.g. "Service": "ec2.amazonaws.com").

What's the correct way to go about the AssumeRolePolicyDocument field for roles that are designed for users, not resources?

Hausfrau answered 31/1, 2017 at 15:55 Comment(2)

Could you provide more context on the problem you're trying to solve, for example, what sort of use-case are you designing the role for? – Hillyer 31/1, 2017 at 16:15

This is just for a dev role for a specific engineering division. You answered the question perfectly below! Thanks. – Hausfrau 31/1, 2017 at 16:37

You can specify an AWS IAM user using the AWS key instead of Service as the Principal for a role policy document, including an AssumeRolePolicyDocument:

"Principal": { "AWS": "arn:aws:iam::AWS-account-ID:user/user-name" }

Refer to the Specifying a Principal section of the IAM Policy Elements Reference for full details.

Hillyer answered 31/1, 2017 at 16:19 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags