I want to create the following trust relationship for an IAM role using CDK:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::1234:root",
          "arn:aws:iam::5678:root"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
But instead I am getting:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::1234:root"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::5678:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
The code I am using:
const account1 = new ArnPrincipal("1234");
const account2 = new ArnPrincipal("5678");
const role = new Role(this, 'myRoleId', {
  roleName: 'myRoleName',
  assumedBy: new CompositePrincipal(account1, account2),
});
role.addToPolicy(
  new PolicyStatement({
    actions: ['abcd', 'defg'],
    resources: ['*'],
  })
);
This is causing the Role trust policy length to go over the limit. I have increased the limit with AWS but I have already increased it to the hard limit AWS has set in place.
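The two documents in the question grant the same access, so the per-principal form can be folded back into the compact one. The following is an added example, not part of the original post and not CDK code: it merges statements that differ only in `Principal.AWS` and compares the serialized sizes. The names `Statement`, `PolicyDocument`, `mergeAwsPrincipals` and `size` are hypothetical, and the sample input reuses the placeholder account ids from the question.

```typescript
// Added example (hypothetical helper names): fold trust-policy statements that
// are identical except for Principal.AWS into a single statement.
type Principals = { [kind: string]: string | string[] };
type Statement = { Effect: string; Principal?: Principals; [key: string]: unknown };
type PolicyDocument = { Version: string; Statement: Statement[] };

const toList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

function mergeAwsPrincipals(doc: PolicyDocument): PolicyDocument {
  const out: Statement[] = [];
  const groups = new Map<string, string[]>(); // group key -> merged AWS principals
  for (const stmt of doc.Statement) {
    const { Principal, ...rest } = stmt;
    const kinds = Object.keys(Principal ?? {});
    // Leave anything that is not a pure "AWS" principal statement untouched
    // (Service/Federated principals, NotPrincipal, mixed principal kinds).
    if (!Principal || kinds.length !== 1 || kinds[0] !== "AWS") {
      out.push(stmt);
      continue;
    }
    // Group on everything except the principal: Effect, Action, Condition, Sid...
    // A statement with a different Condition gets a different key and stays separate.
    const key = JSON.stringify(Object.entries(rest).sort(([a], [b]) => (a < b ? -1 : 1)));
    const incoming = toList(Principal.AWS ?? []);
    const existing = groups.get(key);
    if (existing) {
      for (const arn of incoming) if (!existing.includes(arn)) existing.push(arn);
    } else {
      const list = [...incoming];
      groups.set(key, list);
      out.push({ ...rest, Principal: { AWS: list } });
    }
  }
  return { Version: doc.Version, Statement: out };
}

// Serialized length, the quantity the trust-policy limit is counted against.
const size = (d: PolicyDocument): number => JSON.stringify(d).length;

// Constructed input: the two-statement document shown in the question.
const split: PolicyDocument = {
  Version: "2012-10-17",
  Statement: ["1234", "5678"].map((id) => ({
    Effect: "Allow",
    Principal: { AWS: `arn:aws:iam::${id}:root` },
    Action: "sts:AssumeRole",
  })),
};
const compact = mergeAwsPrincipals(split);
console.log(`split: ${size(split)} chars, compact: ${size(compact)} chars`);
```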