By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Access Denied after successful AssumeRole

0

Good Day All,

I am trying to run commands after assumerole using cli and getting the following error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

aws sts assume-role --role-arn "arn:aws:iam::<accountid>:role/read-write-app-bucket-role" --role-session-name "sessionname" This runs successfully but when i do the following i get error : command : aws s3 ls

Note :

  1. I am able to assume the role successfully using AWS STS and getting temp credentials
  2. Also the role has full S3 access.
  3. Both role and resource are in same account

Tried running "aws s3 ls --profile default" but still having the issue Tried assigning the same role directly to the user and the command works fine.

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access Management
Language
English
AWS-User-7313937
asked 9 months ago172 views
2 Answers
0

Hi The command assume-role output the temporary credentials. You must use these credentials when making your aws s3 ls call. Please see this guide. Hope it helps.

profile picture
EXPERT
JimmyDqv
answered 9 months ago
0

Hi, I suggest you to check the identity under which run the s3 ls via aws sts get-caller-identity. Sometimes your run CLI commands under under another identity than the one you believe due to env vars, default profile, etc.

It happens to me sometimes...

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content