- 最新
- 最多得票
- 最多評論
When you assume a role via web identity, you get temporary credentials (access and secret keys) and use them to perform some actions, which are allowed by IAM policy
If this role assumes another role, temporary credentials change, so you need to use new creds to Execute Lambda (in your case)
Hey - I think the way I'm seeing it - my external account is assuming the role.
role includes policy statements 1-5 (which includes lambda trust policy/invoke lambda/web identity policy)
I thought the Role w. attached policy bundle would be enough to provide the web identity the lambda invoke role? I'll double check on my end if I misconfigured something. Right now - it looked like the Lambda resource permissions had to be placed in the web identity policy itself (vs the role).
相關內容
- 已提問 10 個月前
- 已提問 7 個月前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前
Please accept the answer if it was useful for you