1 answer
Hello there! I understand that it is not possible to use a wildcard like arn:aws:sts::000000000000:assumed-role/event-service/* or "arn:aws:iam::000000000000:role/event-service/*" in the principal section of the role trust policy.

Instead, you can make use of the AWS global condition key aws:userid as below:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Statement1",
          "Effect": "Allow",
          "Principal": { "AWS": "arn:aws:iam::{Account}:root" },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringLike": { "aws:userid": "role-id:caller-specified-role-name" }
          }
        }
      ]
    }

Here, userid is role-id:caller-specified-role-name.

You can get the value of role-id using:

A) role-id = aws iam get-role --role-name <ROLE-NAME>
B) You can set the caller-specified-role-name value as *
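The trust policy from the answer above, as an added worked example (not code from the answer or from AWS): it renders the policy for a role ID and checks sample aws:userid values against the StringLike condition the way IAM's matcher would, which shows that the account-root Principal alone admits every caller in the account and the role-ID prefix is what narrows it. The account number and role ID are constructed placeholders; a real role ID is the RoleId that `aws iam get-role` returns.

```python
import json
import re

# Constructed sample values; a real role ID is the RoleId returned by
# `aws iam get-role --role-name event-service` (starts with "AROA").
ACCOUNT_ID = "000000000000"
EVENT_SERVICE_ROLE_ID = "AROAEXAMPLEEVENTSVC"

def build_trust_policy(account_id: str, role_id: str, session_pattern: str = "*") -> dict:
    """Trust policy whose Principal is the whole account, narrowed to one role
    by matching aws:userid ("<role-id>:<role-session-name>") with StringLike."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringLike": {"aws:userid": f"{role_id}:{session_pattern}"}},
        }],
    }

def string_like(pattern: str, value: str) -> bool:
    """IAM StringLike semantics: case-sensitive, '*' matches any run of
    characters (including none) and '?' matches exactly one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def assume_role_allowed(policy: dict, caller_userid: str) -> bool:
    """Check only the aws:userid condition of each Allow/sts:AssumeRole statement
    (the Principal is account-wide here, so the condition does the real work)."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRole":
            continue
        patterns = stmt.get("Condition", {}).get("StringLike", {}).get("aws:userid")
        if patterns is None:  # no condition: any principal in the account passes
            return True
        if isinstance(patterns, str):
            patterns = [patterns]
        if any(string_like(p, caller_userid) for p in patterns):
            return True
    return False

if __name__ == "__main__":
    policy = build_trust_policy(ACCOUNT_ID, EVENT_SERVICE_ROLE_ID)
    print(json.dumps(policy, indent=2))
    for userid in ("AROAEXAMPLEEVENTSVC:prod-1", "AROAOTHERROLE:prod-1", "AIDAEXAMPLEUSER"):
        print(f"{userid:30} -> {assume_role_allowed(policy, userid)}")
```

Passing a session-name pattern such as "prod-*" instead of "*" further restricts which sessions of the event-service role may assume the target role.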