How to access multiple roles from single IAM user simultaneously?

Question

Can we access and use multiple roles from a single user simultaneously(using STS assumeRole api right now)? My use case requires creation of different roles which have their specific policies assigned, and I need a different way other than creating one user per role sort of like a multiple account access. Instead of creating 1 user per role, is there any way that a single user can access/assume resources of multiple roles/accounts simultaneously?

Answer

Technically, you can assume multiple IAM roles at the same time but the permissions will not be aggregated.
Assuming an IAM role doesn't change who you are or what permissions you have.

When you assume a role, you are given a new set of temporary credentials to use, instead of "your" credentials -- the credentials you used to assume the role.

When interacting with AWS resources each request can only be associated with a singular principal. So, if you assume role1 and role2 you can make requests as role1 OR role2 but not as both together. So, if you are trying to perform a single action that requires an aggregate of the permissions of multiple roles, that's a not possible.

Answer

Another approach could involve session policies. See: [Create fine-grained session permissions using IAM managed policies](https://aws.amazon.com/blogs/security/create-fine-grained-session-permissions-using-iam-managed-policies/).

How to access multiple roles from single IAM user simultaneously?

関連するコンテンツ