Check ARNs for AssumeRole regularly not hitting quota limits

0

Hello,

we need to do a regular check of all our customers who gave us permissions for AssumeRole in case they drop the permission/role/user. With respect to quota limits, what would be the best possible way of doing that? I am thinking:

  • For each customer account (ARN)
  • Perform AssumeRole for that ARN
  • Perform some "ping" operation (e.g. DescribeRegions)
  • Delay so we don't hit the service quota limits (e.g. DescribeRegions has 20 operations per second bucket).

It is not clear how service quota limits are applied when doing AssumeRole. Is that applied against our (service) account, or the customer (assumed) account?

What are the limits for the STS operations, specifically AssumeRole? There is not much in the docs in this regard, or I am missing it.

Is there some always-available "ping" operation we could call or some STS API request that would confirm to us that the ARN is valid?

Is there a place we can check the consumption of quota limits so we can fine-tune our background checker?

Thanks

1 answer
1
Accepted answer

If you do an sts:AssumeRole call, it will either work or you will get an Access Denied, so just do a Try/Catch. So you already know if the role exists and if you can access it, so no need for pinging.

If you want to confirm the role's access, the best would be to use the Role (in the customer account) to describe itself and have a look at its policy. (Be aware of Deny statements and permissions boundaries).

The sts:AssumeRole call is counted in your Account, and anything you do with the Role you assumed will be counted against the Account of the Role you assumed.

I could not find any official limit on the sts:AssumeRole call either, but AWS has (on some services) dynamic limits (they will change after your usage). However, STS is a core building block of AWS so it should be able to handle anything you throw at it. But you should ALWAYS configure retries in all your AWS SDK Clients; this is a Python boto3 example, but every language has its own implementation with the same logic. You want to use the standard mode :) https://boto3.amazonaws.com/v1/documentation/api/latest/guide/retries.html

Beware that retries can cause long executions, so combined with Lambda, you often get "Timeouts" that mask the underlying AWS call. So be generous with the Lambda logging and execution time.

Hope it helps and good luck!

answered 2 years ago
  • Thank you very much for such an elaborate answer. Really appreciate this!
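The approach in the accepted answer (try/catch around sts:AssumeRole, standard-mode retries, pacing between calls, and treating only AccessDenied as "the customer dropped our trust") as an added example; this is not code from the thread or from AWS. The role ARNs, the session name and the pause between calls are constructed assumptions, and boto3 is imported lazily so the classification logic can be exercised without it.

```python
"""Periodic AssumeRole trust check. Added example, not the thread's own code."""
import time
from typing import Callable, Dict, List

# Only AccessDenied means the trust (or our sts:AssumeRole permission) is gone.
# Throttling, network and credential errors are transient: log, retry next run.
REVOKED_CODES = {"AccessDenied"}


def build_sts_client():
    """STS client with the SDK's 'standard' retry mode (backoff + jitter on throttles)."""
    import boto3  # imported here so the module loads without boto3 installed
    from botocore.config import Config
    return boto3.client("sts", config=Config(retries={"mode": "standard", "max_attempts": 5}))


def classify(err: Exception) -> str:
    """Map a botocore ClientError-like exception (.response['Error']['Code']) to a verdict."""
    code = getattr(err, "response", {}).get("Error", {}).get("Code", "")
    return "revoked" if code in REVOKED_CODES else "error"


def check_roles(role_arns: List[str], assume: Callable[[str], dict],
                pause_s: float = 0.1) -> Dict[str, str]:
    """assume(arn) performs sts:AssumeRole; success alone proves the trust still exists.
    The AssumeRole call counts against our account, so pacing keeps our STS usage low."""
    results: Dict[str, str] = {}
    for arn in role_arns:
        try:
            assume(arn)
            results[arn] = "ok"
        except Exception as err:  # ClientError (AccessDenied, Throttling...) or transport errors
            results[arn] = classify(err)
        time.sleep(pause_s)
    return results


def sts_assume(client) -> Callable[[str], dict]:
    """Wrap a real STS client; short session, no actual work is done with the credentials."""
    def _assume(arn: str) -> dict:
        return client.assume_role(RoleArn=arn, RoleSessionName="trust-check", DurationSeconds=900)
    return _assume


if __name__ == "__main__":
    CUSTOMER_ROLES = ["arn:aws:iam::111111111111:role/OurServiceAccess"]  # constructed placeholder
    print(check_roles(CUSTOMER_ROLES, sts_assume(build_sts_client())))
```

Anything classified as "error" should be retried on the next run rather than reported as a revoked customer, since standard-mode retries already absorbed the short throttles.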
