Multiple trust entities in a single role


Hi,

I need to enable two accounts on the same role. Is there any way to achieve this?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "1555555555"
        }
      }
    }
  ]
}

Seeing the discussion in https://forums.aws.amazon.com/thread.jspa?threadID=224325, it would be possible; however, I can't figure out how to get the JSON right. Can anyone take a look at the above policy and figure out how to add a secondary?

I tried with:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789:root",
        "AWS": "arn:aws:iam::798456132:root"
      },
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "1555555555"
        }
      }
    }
  ]
}

Any help is appreciated. Thanks!

Micke2k
asked 6 years ago, 5211 views
4 Answers
Accepted Answer

Hello Micke2k,

Please replace the account id "123456789012" with the account id for your AWS account. I used this account id as an example.

Please let me know if this works now or if you have any issues.

Thank you,
Ujjwal

AWS
answered 6 years ago

Hello Micke2k,

Thank you for reaching out to us. Please try to specify the account ARNs as an array within the Principal.

For example,

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789012:root",
          "arn:aws:iam::987654321098:root"
        ]
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "1555555555"
        }
      }
    }
  ]
}

Thanks,
Ujjwal

Edited by: ujjwal-aws on Mar 22, 2018 10:51 AM

AWS
answered 6 years ago
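The two points the answer above turns on (the "AWS" principal must be a JSON array, and each account ID must be a valid 12-digit ID) are easy to check before touching the console. The following is an added example written for this thread, not code from AWS or from the posters: it builds the array-form trust policy from a list of account IDs, rejects malformed IDs of the kind that produce "Invalid principal in policy", shows why the duplicate-key attempt from the question can never name two accounts, and, going one step beyond the answer, builds a per-account variant with a separate ExternalId per trusted party. All account IDs and ExternalId values are placeholders, and the duplicate-key text is a constructed reproduction of the question's attempt with the stray brace removed and 12-digit IDs substituted.

```python
"""Build and check an IAM role trust policy that lets several AWS accounts
assume one role, using the array form of "Principal" given in the answer
above.  Added example for this thread, not code from AWS or from the original
posters; the account IDs and ExternalId values are placeholders."""
import json
import re

# IAM account IDs are exactly 12 digits.  A 9-digit ID such as the "123456789"
# in the question is rejected with "Invalid principal in policy".
ACCOUNT_ID_RE = re.compile(r"\d{12}")


def account_root_arn(account_id):
    """Return the account-root ARN for a validated 12-digit account ID."""
    if not ACCOUNT_ID_RE.fullmatch(account_id):
        raise ValueError(f"AWS account IDs are exactly 12 digits: {account_id!r}")
    return f"arn:aws:iam::{account_id}:root"


def build_trust_policy(account_ids, external_id):
    """One Allow statement whose Principal.AWS is a JSON array of account-root
    ARNs, guarded by a single sts:ExternalId condition (the shape used in the
    answer above)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": [account_root_arn(a) for a in account_ids]},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


def build_per_party_trust_policy(parties):
    """Generalisation (assumed design, not from the thread): one statement per
    trusted account, each with its own ExternalId.  `parties` maps
    account_id -> external_id.  Prefer this when the accounts belong to
    different third parties: the ExternalId is a confused-deputy check, and a
    single shared value lets any party satisfy the condition meant for another."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": account_root_arn(acct)},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": ext_id}},
            }
            for acct, ext_id in parties.items()
        ],
    }


def trusted_principals(policy):
    """Return every AWS principal ARN the policy's Allow statements trust.
    `policy` is a dict or a JSON string; "AWS" may be a string or a list."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    arns = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        aws = stmt.get("Principal", {}).get("AWS", [])
        arns.extend([aws] if isinstance(aws, str) else aws)
    return arns


# Constructed reproduction of the question's second attempt (stray brace
# removed, 12-digit IDs substituted): two "AWS" keys in one Principal object.
# JSON objects cannot carry duplicate keys, so a parser keeps only one of them
# (Python keeps the last), which is why that form cannot name two accounts.
DUPLICATE_KEY_ATTEMPT = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:root",
        "AWS": "arn:aws:iam::987654321098:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {"StringEquals": {"sts:ExternalId": "1555555555"}}
    }
  ]
}"""


if __name__ == "__main__":
    shared = build_trust_policy(["123456789012", "987654321098"], "1555555555")
    print(json.dumps(shared, indent=2))
    print("array form trusts:", trusted_principals(shared))
    print("duplicate-key form trusts:", trusted_principals(DUPLICATE_KEY_ATTEMPT))
    try:
        build_trust_policy(["123456789"], "1555555555")
    except ValueError as err:
        print("rejected:", err)
```

Two caveats worth keeping in mind when using either form. Trusting `arn:aws:iam::ACCOUNT:root` delegates to the other account as a whole: any principal there whose own IAM policy allows `sts:AssumeRole` on this role can assume it, so narrow the principal to a specific role ARN where you can. And `sts:ExternalId` is a confused-deputy guard, not a secret credential; it is sent in the clear in the AssumeRole call, so it adds no protection against a party that already holds credentials in one of the trusted accounts.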

Hi,

This doesn't work. It gives the error:

An error occurred: Invalid principal in policy: "AWS":"arn:aws:iam::123456789012:root"

Micke2k
answered 6 years ago

Thanks buddy, you are a star!

Micke2k
answered 6 years ago
