Hi,
I'm trying to achieve "role chaining" as in https://aws.plainenglish.io/aws-iam-role-chaining-df41b1101068
I have a user admin-user-01
with this policy assigned:
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::<accountid>:role/admin_group_role"
  }
}
I have a role, which is meant for admin-user-01, with role_name = admin_group_role
and trust policy =
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<accountid>:user/admin-user-01"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
And it also has a policy:
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::<accountid>:role/test-role"
  }
}
Then, I have another role, which is assigned to the role above (admin_group_role), with role_name = test-role
and trust policy =
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<accountid>:role/admin_group_role"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
But when I log in as admin-user-01 to the account, then switch to the role admin_group_role and then try to switch to role test-role, I get:
Invalid information in one or more fields. Check your information or contact your administrator.
P.S. Everywhere, <accountid> is the same; all of the roles, users and permissions are created in the same account (which, I suppose, might be the reason why I face the error).
What am I doing wrong?
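As an added example (my own code, not from the post or the linked article), the script below models the two checks that must both pass on every hop of a role chain: the caller's own identity policy must allow sts:AssumeRole on the target role, and the target role's trust policy must name the caller as a principal. It loads the three policies exactly as posted, with a constructed account id standing in for <accountid>, and walks the chain admin-user-01 -> admin_group_role -> test-role, treating each hop's caller as the role assumed in the previous hop. It also evaluates the hop user -> test-role directly, which shows that the user alone is named in neither policy relevant to test-role. The evaluation is simplified on purpose: it assumes no explicit Deny statements, no Condition blocks and no permission boundaries or SCPs, none of which appear in the post.

```python
"""Model the per-hop authorization checks of an IAM role chain (added example)."""
from typing import Dict, List, Tuple

# Constructed placeholder standing in for <accountid> in the post; any 12-digit id works here.
ACCOUNT_ID = "123456789012"

USER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:user/admin-user-01"
ADMIN_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/admin_group_role"
TEST_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/test-role"

# Identity (permissions) policies attached to each principal, copied from the post.
# test-role has no identity policy in the post, so it gets an empty statement list.
IDENTITY_POLICIES: Dict[str, dict] = {
    USER_ARN: {
        "Version": "2012-10-17",
        "Statement": {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ADMIN_ROLE_ARN},
    },
    ADMIN_ROLE_ARN: {
        "Version": "2012-10-17",
        "Statement": {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": TEST_ROLE_ARN},
    },
    TEST_ROLE_ARN: {"Version": "2012-10-17", "Statement": []},
}

# Trust (resource-based) policies of the two roles, copied from the post.
TRUST_POLICIES: Dict[str, dict] = {
    ADMIN_ROLE_ARN: {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": {"AWS": USER_ARN}, "Action": "sts:AssumeRole"}],
    },
    TEST_ROLE_ARN: {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": {"AWS": ADMIN_ROLE_ARN}, "Action": "sts:AssumeRole"}],
    },
}


def _as_list(value) -> list:
    """IAM lets Statement, Action, Resource and Principal.AWS be a single value or a list."""
    return value if isinstance(value, list) else [value]


def identity_allows(caller: str, target_role: str) -> bool:
    """Does the caller's identity policy grant sts:AssumeRole on the target role?"""
    for stmt in _as_list(IDENTITY_POLICIES.get(caller, {}).get("Statement", [])):
        if (stmt.get("Effect") == "Allow"
                and "sts:AssumeRole" in _as_list(stmt.get("Action", []))
                and target_role in _as_list(stmt.get("Resource", []))):
            return True
    return False


def trust_allows(caller: str, target_role: str) -> bool:
    """Does the target role's trust policy list the caller as an allowed principal?

    An assumed-role session is matched by the ARN of the role it came from, which is
    why the previous hop's role ARN is used as the caller on the next hop.
    """
    for stmt in _as_list(TRUST_POLICIES.get(target_role, {}).get("Statement", [])):
        principals = _as_list(stmt.get("Principal", {}).get("AWS", []))
        if (stmt.get("Effect") == "Allow"
                and "sts:AssumeRole" in _as_list(stmt.get("Action", []))
                and caller in principals):
            return True
    return False


def check_hop(caller: str, target_role: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for one AssumeRole call; both checks must pass."""
    ident = identity_allows(caller, target_role)
    trust = trust_allows(caller, target_role)
    if ident and trust:
        return True, "identity policy allows and trust policy names the caller"
    missing = []
    if not ident:
        missing.append("caller's identity policy does not allow sts:AssumeRole on the role")
    if not trust:
        missing.append("role's trust policy does not name the caller")
    return False, "; ".join(missing)


def walk_chain(start: str, roles: List[str]) -> List[Tuple[str, str, bool, str]]:
    """Assume each role with the credentials of the previous hop, stopping at the first denial."""
    caller, results = start, []
    for role in roles:
        ok, why = check_hop(caller, role)
        results.append((caller, role, ok, why))
        if not ok:
            break
        caller = role  # the next hop is made as the assumed role, not as the original user
    return results


if __name__ == "__main__":
    for caller, role, ok, why in walk_chain(USER_ARN, [ADMIN_ROLE_ARN, TEST_ROLE_ARN]):
        print(f"{'ALLOW' if ok else 'DENY '} {caller} -> {role}: {why}")
    ok, why = check_hop(USER_ARN, TEST_ROLE_ARN)
    print(f"{'ALLOW' if ok else 'DENY '} {USER_ARN} -> {TEST_ROLE_ARN} (direct): {why}")
```

Run it as-is to see both hops of the chain allowed when each hop is made as the previously assumed role, and the direct user -> test-role hop denied on both checks. Swapping in your real account id and any extra statements you have is enough to re-run the same evaluation against your own policies.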