Multiple trust entities in a single role

0

Hi,

I need to enable two accounts on the same role. Is there any way to achieve this?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "1555555555"
        }
      }
    }
  ]
}

Seeing the discussion in: https://forums.aws.amazon.com/thread.jspa?threadID=224325 it would be possible, however I can't figure out how to get the JSON right. Can anyone take a look at the above policy and figure out how to add a secondary?

I tried with:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789:root",
        "AWS": "arn:aws:iam::798456132:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "1555555555"
        }
      }
    }
  ]
}

Any help is appreciated. Thanks!

Micke2k
Asked 6 years ago, viewed 5209 times
4 Answers
0
Accepted Answer

Hello Micke2k,

Please replace the account id "123456789012" with the account id for your AWS account. I used this account id as an example.

Please let me know if this works now or if you have any issues.

Thank you,
Ujjwal

AWS
Answered 6 years ago
0

Hello Micke2k,

Thank you for reaching out to us. Please try to specify the account ARNs as an array within the Principal.

For example,

 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789012:root",
          "arn:aws:iam::987654321098:root"
        ]
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "1555555555"
        }
      }
    }
  ]
}

Thanks,
Ujjwal

Edited by: ujjwal-aws on Mar 22, 2018 10:51 AM

AWS
Answered 6 years ago
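
The duplicate `"AWS"` key in the question's attempt is the kind of mistake a pre-deployment lint can catch: Python's `json.loads` silently keeps only the last of two identical keys, so one trusted account disappears without any error. The following is an added example, not code from the thread or from AWS; `load_trust_policy` and `ATTEMPT` are hypothetical names, and the sample policy is constructed from the question's attempt with the Condition omitted.

```python
import json
import re

# Constructed sample: the Principal block from the question's attempt.
ATTEMPT = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::123456789:root",
      "AWS": "arn:aws:iam::798456132:root"
    },
    "Action": "sts:AssumeRole"
  }]
}"""


def load_trust_policy(text):
    """Parse a trust policy; return (policy, findings).

    Repeated "AWS" keys are merged into one array instead of being dropped.
    """
    findings = []

    def merge(pairs):
        obj = {}
        for key, value in pairs:
            if key in obj:
                findings.append(f"duplicate key {key!r}: json.loads would keep only the last value")
                if key == "AWS":
                    old = obj[key] if isinstance(obj[key], list) else [obj[key]]
                    value = old + (value if isinstance(value, list) else [value])
            obj[key] = value
        return obj

    policy = json.loads(text, object_pairs_hook=merge)
    statements = policy.get("Statement", [])
    for stmt in [statements] if isinstance(statements, dict) else statements:
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        for arn in [aws] if isinstance(aws, str) else aws:
            parts = arn.split(":")
            account = parts[4] if len(parts) > 4 else arn  # bare account IDs are allowed
            if arn != "*" and not re.fullmatch(r"\d{12}", account):
                findings.append(f"{arn}: account ID is not 12 digits")
    return policy, findings


if __name__ == "__main__":
    policy, findings = load_trust_policy(ATTEMPT)
    print(json.dumps(policy["Statement"][0]["Principal"], indent=2))
    print("\n".join(findings))
```

The 12-digit check only catches placeholder-length IDs; it cannot tell whether a well-formed account ID actually exists.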
0

Hi,

This doesn't work. It gives an error:

An error occurred: Invalid principal in policy: "AWS":"arn:aws:iam::123456789012:root"

Micke2k
Answered 6 years ago
0

Thanks buddy, you are a star!

Micke2k
Answered 6 years ago
