Chaining STS assume role across 3 aws accounts

Time: 05-24

There is an AWS account A, which has a resource X managed by policy Pax. It adds the second AWS account B to a role which attaches the policy Pax; let's call this role Rax. Now within the AWS account B, I create another policy for assuming role Rax, let's call it Pbrax, and add it to a role RPbrax where the Principal is an AWS account C.

When I try to access the resource X via the account C, I get access denied. I cannot touch anything in AWS account A, but I can in B and C.

CodePudding user response:

Role permissions are not cumulative.

This means the history of the role chaining doesn't help you: the principal in account C needs to have its own access to the resources in account X if it needs to access them.
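An added illustration of the point in this answer, not part of the original post: a small Python model of the two-hop chain C -> RPbrax (account B) -> Rax (account A). It encodes the trust and permission policies described in the question and shows that each AssumeRole hop is authorised on its own (caller's own policy plus the target's trust policy) and that a session carries only the permissions of the role it currently holds, never the sum of the roles behind it. Account ids, the user `alice` in account C, her identity policy, and the S3 object standing in for resource X are all constructed placeholders; the `assume_chain_boto3` function at the end performs the same chain against real AWS with boto3 and is not run by the model.

```python
"""Model of a two-hop STS role chain across three accounts (constructed example).

Layout, matching the question (account ids are placeholders):
  account A 111111111111: owns resource X; role Rax carries policy Pax, trusts account B
  account B 222222222222: role RPbrax carries policy Pbrax (sts:AssumeRole on Rax), trusts account C
  account C 333333333333: the caller
"""

ACCOUNT_A, ACCOUNT_B, ACCOUNT_C = "111111111111", "222222222222", "333333333333"
RESOURCE_X = "arn:aws:s3:::example-bucket-in-a/*"          # placeholder for resource X
RAX = f"arn:aws:iam::{ACCOUNT_A}:role/Rax"
RPBRAX = f"arn:aws:iam::{ACCOUNT_B}:role/RPbrax"

# Trust policies: which principal may call sts:AssumeRole on each role.
TRUST = {
    RAX: f"arn:aws:iam::{ACCOUNT_B}:root",     # Rax trusts account B
    RPBRAX: f"arn:aws:iam::{ACCOUNT_C}:root",  # RPbrax trusts account C
}

# Identity policies attached to each role (Pax and Pbrax in the question).
PERMS = {
    RAX: [{"Action": "s3:GetObject", "Resource": RESOURCE_X}],   # Pax: read X
    RPBRAX: [{"Action": "sts:AssumeRole", "Resource": RAX}],     # Pbrax: hop to Rax only
}

# Constructed caller in account C. A user still needs sts:AssumeRole in its own
# policy to start a cross-account chain, even when the target role trusts the account.
USER_C = f"arn:aws:iam::{ACCOUNT_C}:user/alice"
USER_C_PERMS = [{"Action": "sts:AssumeRole", "Resource": RPBRAX}]


def account_of(arn):
    return arn.split(":")[4]


def allows(statements, action, resource):
    return any(s["Action"] == action and s["Resource"] == resource for s in statements)


def trusted(role_arn, caller_arn):
    """The role's trust policy names the caller directly or the caller's account root."""
    trust = TRUST[role_arn]
    return trust == caller_arn or trust == f"arn:aws:iam::{account_of(caller_arn)}:root"


def assume(caller_arn, caller_perms, role_arn):
    """One AssumeRole hop: both the caller's policy and the target's trust policy must agree.
    Returns (new identity, its permissions) or None on access denied."""
    if not allows(caller_perms, "sts:AssumeRole", role_arn):
        return None
    if not trusted(role_arn, caller_arn):
        return None
    # Not cumulative: the new session has only the assumed role's own policies.
    return role_arn, PERMS[role_arn]


def chain(caller_arn, caller_perms, role_arns):
    """Walk the hops in order; fail as soon as one hop is denied."""
    identity, perms = caller_arn, caller_perms
    for role_arn in role_arns:
        hop = assume(identity, perms, role_arn)
        if hop is None:
            return None
        identity, perms = hop
    return identity, perms


def can_read_x(perms):
    return allows(perms, "s3:GetObject", RESOURCE_X)


def direct_access():
    """What the question tried: account C going straight at X."""
    return can_read_x(USER_C_PERMS)


def one_hop():
    """Credentials from RPbrax alone: Pbrax only allows assuming Rax, not reading X."""
    hop = chain(USER_C, USER_C_PERMS, [RPBRAX])
    return hop is not None and can_read_x(hop[1])


def two_hops():
    """Full chain: the final session holds Rax, whose policy Pax allows reading X."""
    hop = chain(USER_C, USER_C_PERMS, [RPBRAX, RAX])
    return hop is not None and can_read_x(hop[1])


def assume_chain_boto3(role_arns, session_name="chain-demo"):
    """Same chain against real AWS (needs account C credentials; not run by the model).
    Each hop's temporary credentials are used to create the STS client for the next hop."""
    import boto3  # imported lazily so the model above runs without boto3 installed
    creds = None
    for role_arn in role_arns:
        sts = boto3.client("sts", **creds) if creds else boto3.client("sts")
        c = sts.assume_role(RoleArn=role_arn, RoleSessionName=session_name)["Credentials"]
        creds = {
            "aws_access_key_id": c["AccessKeyId"],
            "aws_secret_access_key": c["SecretAccessKey"],
            "aws_session_token": c["SessionToken"],
        }
    return creds


if __name__ == "__main__":
    print("direct from C:", direct_access(), "| RPbrax only:", one_hop(), "| RPbrax then Rax:", two_hops())
```

Two practical notes for anyone reproducing this against real accounts: the caller in C needs `sts:AssumeRole` on RPbrax in its own identity policy (the trust policy on RPbrax alone is not enough), and credentials obtained through role chaining are capped at a one-hour session duration by STS, so a long-running job has to re-run the chain.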
