1 Answer
- Newest
- Most votes
- Most comments
0
According to the documentation, the following trust policies should be set.
That is, arn must contain sso.amazonaws.com/<aws-region>/
.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:PrincipalArn": "arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_AdministratorAccess_*"
}
}
}
]
}
answered 10 months ago
Relevant content
- asked 10 months ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
this part eu-west-2 i dont understand where they got this part?
the answer does not work at all, even if i used the assumed role of the permissionset arn for the trust relationship