Also, one other thing to check is https://repost.aws/knowledge-center/iam-assume-role-cli. Trying to work this out on the command line first often helps me understand if the policy is set up correctly.
Let me know if you have any issues with this, or if it helps you then please accept my answer after you've tried it out - it would be much appreciated! Good luck :)
You can follow these articles at first:
https://stackoverflow.com/questions/41337079/how-enable-access-to-aws-sts-assumerole
Create a policy to allow the action AssumeRole:
Open the IAM console at https://console.aws.amazon.com/iam/. In the navigation pane, choose Policies, then Create Policy. On the Visual editor tab, choose Choose a service, find and choose STS. For Actions, find and choose AssumeRole. Choose Resources, then choose Any. Choose Review policy. For Name, enter a name for your policy, such as AllowAssumeRole, and then choose Create policy. You've now created a policy that allows the sts:AssumeRole action on any resource.
Attach the policy to your IAM user:
In the navigation pane of the IAM console, choose Users. Find and choose your user. Choose the Permissions tab, and then choose Add permissions. Choose Attach existing policies directly. Find the AllowAssumeRole policy that you created in the previous step, select its check box, and then choose Next: Review. Choose Add permissions. You've now attached the policy that allows the sts:AssumeRole action to your user.
Update the trust policy for the role to include your IAM user:
In the navigation pane of the IAM console, choose Roles. Find and choose your role. Choose the Trust relationships tab, and then choose Edit trust relationship. In the policy document, add a statement that allows your user to assume the role. The statement should look like this:
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:user/YOUR-USER-NAME"
      },
      "Action": "sts:AssumeRole"
    }
Choose Update Trust Policy.
The IAM user should now be able to assume the role. If you're still having trouble, there might be a permissions boundary or SCP (Service Control Policy) that is preventing the action. You might also want to check if there is any conditional policy that might be preventing the action.
Also, keep in mind that the role's trust policy must grant the sts:AssumeRole permission to the entity that is assuming the role, and the entity that is assuming the role must also have the sts:AssumeRole permission to assume the role. This is a two-way permission requirement.
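An added example (not part of the answer above and not AWS tooling): a small offline check of the two sides that answer describes, the caller's identity policy and the role's trust policy, so you can see which one is missing. It is a simplification that ignores Condition blocks, NotAction/NotResource/NotPrincipal, permissions boundaries and SCPs; the account ID, user name and role name are constructed placeholders.

```python
from fnmatch import fnmatchcase

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _matches_assume_role(stmt):
    # IAM action names are case-insensitive and may contain wildcards.
    return any(fnmatchcase("sts:assumerole", a.lower())
               for a in _as_list(stmt.get("Action", [])))

def identity_side_allows(policy, role_arn):
    """True if the caller's identity policy allows sts:AssumeRole on role_arn."""
    allowed = False
    for s in _as_list(policy["Statement"]):
        if _matches_assume_role(s) and any(
                fnmatchcase(role_arn, r) for r in _as_list(s.get("Resource", []))):
            if s["Effect"] == "Deny":
                return False  # an explicit Deny always wins
            allowed = True
    return allowed

def trust_side_allows(trust_policy, user_arn):
    """True if the role's trust policy names the user, its account, or '*'."""
    account = user_arn.split(":")[4]
    accepted = {user_arn, account, f"arn:aws:iam::{account}:root", "*"}
    for s in _as_list(trust_policy["Statement"]):
        if s["Effect"] != "Allow" or not _matches_assume_role(s):
            continue
        principal = s.get("Principal", {})
        names = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if accepted & set(names):
            return True
    return False

def diagnose(identity_policy, trust_policy, user_arn, role_arn):
    return {"identity_policy": identity_side_allows(identity_policy, role_arn),
            "trust_policy": trust_side_allows(trust_policy, user_arn)}

# Constructed sample data: account ID, user name and role name are placeholders.
USER = "arn:aws:iam::111122223333:user/example-user"
ROLE = "arn:aws:iam::111122223333:role/example-role"
ALLOW_ASSUME = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "*"}]}
TRUST_USER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": USER}, "Action": "sts:AssumeRole"}]}
TRUST_SERVICE_ONLY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print(diagnose(ALLOW_ASSUME, TRUST_SERVICE_ONLY, USER, ROLE))
```

A result with `trust_policy` false and `identity_policy` true corresponds to a role whose trust relationship was never updated to include the user.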
Add user. Policies to user. Add Role. Policies to role.
And for this get sts credentials [ AccessKeyId, SecretAccessKey, SessionToken ]:
Then go to oauth to receive [ access token ]
Then get the report model for Postman: https://github.com/amzn/selling-partner-api-models
Add the access token from OAuth. I'm not sure if the access token key must be named "x-amz-access-token". Find this in the tutorial: https://m.media-amazon.com/images/G/01/spapi/Call_SPAPI_Endpoint.mp4
Fill credentials [ AccessKeyId, SecretAccessKey, SessionToken ] :
And finally receive:
Is there any other service that rules access to the selling partner reports?