Issue obtaining temporary credentials

Question

I created EKS resources via Terraform. I now want to get temporary credentials for a new role (new_dev has eks:DescribeCluster permission). It throws below error, user xxxxx has AdminitratorAccess policy. Should I add an assume role policy to the user xxxxx?
aws sts assume-role --role-arn arn:aws:iam::---:role/new_dev --role-session-name dev

An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::---:user/xxxxx is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::---:role/new_dev

Answer

Hello,

You are facing the error because the trust-relationship of the `new_dev` IAM role is not allowing the user 'xxxxx' to perform `sts:AssumeRole` operation.

To fix this, you will have to update the trust-relationship of your `new_dev` IAM role to allow `sts:AssumeRole` for the IAM user 'xxxxx'.

Below is a sample trust-relationship policy that allows the user `arn:aws:iam::111122223333:user/xxxxx` to perform assume-role operation on the IAM role that has the below trust-relationship.

For more info, please refer https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:user/xxxxx"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

I hope this helps!

Issue obtaining temporary credentials

Relevanter Inhalt