Multiple trust entities in a single role

0

Hi,

I need to enable two accounts on the same role. Is there any way to achieve this?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "1555555555"
        }
      }
    }
  ]
}

Seeing the discussion in https://forums.aws.amazon.com/thread.jspa?threadID=224325 it would seem possible; however, I can't figure out how to get the JSON right. Can anyone take a look at the above policy and figure out how to add a secondary account?

I tried with:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789:root",
        "AWS": "arn:aws:iam::798456132:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "1555555555"
        }
      }
    }
  ]
}

Any help is appreciated. Thanks!

Micke2k
asked 6 years ago, 5110 views
4 Answers
0
Accepted Answer

Hello Micke2k,

Please replace the account id "123456789012" with the account id for your AWS account. I used this account id as an example.

Please let me know if this works now or if you have any issues.

Thank you,
Ujjwal

AWS
answered 6 years ago
0

Hello Micke2k,

Thank you for reaching out to us. Please try to specify the account ARNs as an array within the Principal.

For example,

 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789012:root",
          "arn:aws:iam::987654321098:root"
        ]
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "1555555555"
        }
      }
    }
  ]
}

Thanks,
Ujjwal

Edited by: ujjwal-aws on Mar 22, 2018 10:51 AM

AWS
answered 6 years ago
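A Python check of the two policy shapes in this thread, added here as an example (it is not code from the original posts or from AWS). It shows why the question's attempt with a repeated `"AWS"` key is dangerous even when a parser accepts it: `json.loads()` keeps only the last value, so one account silently disappears. It then builds the array form from the answer above and audits it for wildcard principals and for `sts:AssumeRole` statements that lack an `sts:ExternalId` condition (the confused-deputy case `ExternalId` exists for). The policy text and account ids are constructed placeholders; nothing here calls AWS.

```python
import json
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
ROOT_PRINCIPAL_RE = re.compile(r"^arn:aws:iam::(\d{12}):root$")

# Constructed sample in the shape of the question's second attempt:
# the "AWS" key is repeated inside Principal (placeholder account ids).
DUPLICATE_KEY_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::123456789012:root",
      "AWS": "arn:aws:iam::987654321098:root"
    },
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "1555555555"}}
  }]
}"""


def parse_policy_strict(text):
    """Parse a JSON policy document and refuse duplicate object keys.

    Plain json.loads() keeps only the last value of a repeated key, so the
    duplicate "AWS" key above would silently drop the first account.
    """
    def reject_duplicates(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                raise ValueError(f"duplicate key {key!r} in policy document")
            obj[key] = value
        return obj

    return json.loads(text, object_pairs_hook=reject_duplicates)


def build_trust_policy(account_ids, external_id):
    """Trust policy letting every listed account assume the role, using the
    array form of Principal.AWS and one shared sts:ExternalId condition."""
    for acct in account_ids:
        if not ACCOUNT_ID_RE.match(acct):
            raise ValueError(f"{acct!r} is not a 12-digit AWS account id")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": [f"arn:aws:iam::{acct}:root" for acct in account_ids]
                },
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


def audit_trust_policy(policy):
    """Return (trusted account ids, findings) for Allow sts:AssumeRole statements.

    Only AWS-account principals are collected; findings cover wildcard or
    unrecognised principals and statements with no sts:ExternalId condition.
    """
    accounts = set()
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        for p in ([aws] if isinstance(aws, str) else aws):
            match = ROOT_PRINCIPAL_RE.match(p)
            if p == "*":
                findings.append(f"statement {idx}: wildcard principal")
            elif match:
                accounts.add(match.group(1))
            else:
                findings.append(f"statement {idx}: unrecognised principal {p!r}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in cond:
            findings.append(f"statement {idx}: no sts:ExternalId condition")
    return accounts, findings


if __name__ == "__main__":
    lenient = json.loads(DUPLICATE_KEY_POLICY)
    print("json.loads keeps only:", lenient["Statement"][0]["Principal"]["AWS"])
    try:
        parse_policy_strict(DUPLICATE_KEY_POLICY)
    except ValueError as err:
        print("strict parse:", err)
    fixed = build_trust_policy(["123456789012", "987654321098"], "1555555555")
    print(json.dumps(fixed, indent=2))
    print(audit_trust_policy(fixed))
```

Run the audit over the trust policy you are about to upload, not just the one you drafted: `parse_policy_strict` catches the duplicate-key mistake before IAM's own validation does, and an empty findings list plus the expected account set is what a reviewer should see before the role goes live.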
0

Hi,

This doesn't work. It gives error:

An error occurred: Invalid principal in policy: "AWS":"arn:aws:iam::123456789012:root"

Micke2k
answered 6 years ago
0

Thanks buddy, you are a star!

Micke2k
answered 6 years ago
