how to combine two IAM policies together

Time:01-30

I'm new to IAM policies. I'm trying to combine the two policies below into a single one. The role is AmazonEKSVPCCNIRole.

Below are the two policies:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

and

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "<arn-value>"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "oidc.eks.us-east-1.amazonaws.com/id/<id>:sub": "system:serviceaccount:kube-system:aws-node",
                    "oidc.eks.us-east-1.amazonaws.com/id/<id>:aud": "sts.amazonaws.com"
                }
            }
        }
    ]
}

I just need a single policy combining the two policies above. I'm getting a JSON error when I try to combine them. Please help me create a single policy.

CodePudding user response:

You can add the element to the statement array, separated by a comma. This is a trust policy, not a normal policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "<arn-value>"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "oidc.eks.us-east-1.amazonaws.com/id/<id>:sub": "system:serviceaccount:kube-system:aws-node",
                    "oidc.eks.us-east-1.amazonaws.com/id/<id>:aud": "sts.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
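The merge the answer describes, as an added Python example that is not part of the original post: it parses each trust policy, concatenates the Statement arrays (handling the single-object form of "Statement" that IAM also accepts), rejects a Version mismatch or a statement without a Principal, and lists which principals can assume the role afterwards. The sample input reuses the question's own "<arn-value>" and "<id>" placeholders.

```python
import json

# Sample input: the question's two trust policies, keeping its "<arn-value>" and
# "<id>" placeholders; the second uses the one-object "Statement" form IAM also accepts.
EC2_TRUST = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
   "Action": "sts:AssumeRole"}]}"""
OIDC_TRUST = """{"Version": "2012-10-17", "Statement":
  {"Effect": "Allow", "Principal": {"Federated": "<arn-value>"},
   "Action": "sts:AssumeRoleWithWebIdentity",
   "Condition": {"StringEquals": {
     "oidc.eks.us-east-1.amazonaws.com/id/<id>:sub": "system:serviceaccount:kube-system:aws-node",
     "oidc.eks.us-east-1.amazonaws.com/id/<id>:aud": "sts.amazonaws.com"}}}}"""

def statements(policy: dict) -> list:
    """IAM lets "Statement" be one object or a list; normalise to a list."""
    stmt = policy.get("Statement", [])
    return [stmt] if isinstance(stmt, dict) else list(stmt)

def merge_trust_policies(*docs: str) -> dict:
    """Parse each document and concatenate the Statement arrays into one policy.
    json.loads raises on a stray brace or comma (the question's "JSON error");
    ValueError flags a Version mismatch or a statement with no Principal."""
    merged = {"Version": None, "Statement": []}
    seen = set()
    for doc in docs:
        policy = json.loads(doc)
        version = policy.get("Version")
        if merged["Version"] not in (None, version):
            raise ValueError(f"Version mismatch: {merged['Version']} vs {version}")
        merged["Version"] = version
        for stmt in statements(policy):
            if "Principal" not in stmt:  # every trust-policy statement needs one
                raise ValueError("trust-policy statement without Principal")
            key = json.dumps(stmt, sort_keys=True)
            if key not in seen:  # skip an exact duplicate statement
                seen.add(key)
                merged["Statement"].append(stmt)
    return merged

def principals(policy: dict) -> list:
    """Who may assume the role after the merge; each entry widens the trust boundary."""
    return [(k, v, s["Action"]) for s in statements(policy)
            for k, v in s["Principal"].items()]

if __name__ == "__main__":
    print(json.dumps(merge_trust_policies(EC2_TRUST, OIDC_TRUST), indent=4))
```

Review the output of principals() before attaching the merged document: the combined policy lets both the EC2 service and the OIDC-federated service account assume the role, which is wider than either original policy alone.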
