I am using EKS to run Terraform and created a service account for AWS access. I also want to get cross-account access using assume role.
I created the role in the cross account, created a new role in the primary account with an inline policy, and added it in Terraform as below:
provider "aws" {
  region = "us-east-1"

  assume_role {
    role_arn = "arn:aws:iam::11111111111:role/atlantis-prod-account"
  }
}
While running terraform plan, I get this error:
Planning failed. Terraform encountered an error while generating this plan.
╷
│ Error: configuring Terraform AWS Provider: IAM Role (arn:aws:iam::222222222222:role/atlantis-prod-account) cannot be assumed.
│
│ There are a number of possible causes of this - the most common are:
│ * The credentials used in order to assume the role are invalid
│ * The credentials do not have appropriate permission to assume the role
│ * The role ARN is not valid
│
│ AWS Error: operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: 0992e01d-f14c-4ce0-a035-7bb4b281c93b, api error AccessDenied: User: arn:aws:sts::2222222222222:assumed-role/atlantis-tf/1687581171111596442 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::2222222222222:role/atlantis-prod-account
│
│
│ with provider["registry.terraform.io/hashicorp/aws"],
│ on main.tf line 1, in provider "aws":
│ 1: provider "aws" {
arn:aws:iam::11111111111:role/atlantis-prod-account
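
Added example, not part of the original post: a cross-account `sts:AssumeRole` call needs two halves, an identity policy on the calling role that allows the action on the target role ARN, and a trust policy on the target role that names the caller. This sketch parses an AccessDenied message of the shape shown above and reports which half is missing; the function names, the 12-digit account IDs and both policy documents are constructed for illustration.

```python
import fnmatch
import re

DENIED = re.compile(
    r"User: arn:aws:sts::(?P<acct>\d+):assumed-role/(?P<role>[^/\s]+)/\S+ is not "
    r"authorized to perform: sts:AssumeRole on resource: (?P<target>arn:aws:iam::\d+:role/\S+)")
# Constructed sample data; the account IDs are placeholders, not values from the post.
SAMPLE_ERROR = ("User: arn:aws:sts::111111111111:assumed-role/atlantis-tf/session-1 is not authorized "
                "to perform: sts:AssumeRole on resource: arn:aws:iam::222222222222:role/atlantis-prod-account")
SAMPLE_IDENTITY = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                                  "Resource": "arn:aws:iam::222222222222:role/atlantis-*"}]}
SAMPLE_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                               "Principal": {"AWS": "arn:aws:iam::111111111111:role/atlantis-tf"}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    """Yield Allow statements whose Action covers sts:AssumeRole (wildcards honoured)."""
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") == "Allow" and any(
                fnmatch.fnmatchcase("sts:assumerole", a) for a in actions):
            yield stmt

def identity_allows(policy, target_arn):
    """Caller side: an identity policy must allow the action on the target role ARN."""
    return any(fnmatch.fnmatchcase(target_arn, res)
               for stmt in _allow_statements(policy)
               for res in _as_list(stmt.get("Resource", [])))

def trust_allows(trust, acct, role):
    """Target side: the trust policy must name the caller's role, account root or account ID."""
    accepted = {f"arn:aws:iam::{acct}:role/{role}", f"arn:aws:iam::{acct}:root", acct}
    for stmt in _allow_statements(trust):
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        if accepted & set(_as_list(aws)):
            return True
    return False

def diagnose(error_text, identity_policy, trust_policy):
    m = DENIED.search(error_text)
    if not m:
        return ["not an sts:AssumeRole AccessDenied message"]
    findings = []
    if not identity_allows(identity_policy, m["target"]):
        findings.append(f"identity policy of {m['role']} lacks sts:AssumeRole on {m['target']}")
    if not trust_allows(trust_policy, m["acct"], m["role"]):
        findings.append(f"trust policy of {m['target']} does not name {m['role']} or account {m['acct']}")
    return findings
```

Explicit Deny statements, Condition blocks, permission boundaries and service control policies are not modelled here, so an empty result only means both Allow halves are present.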