To enable access to AWS STS AssumeRole, follow the steps below:
- First, create an IAM role, or update an existing role.
- To create a role, go to IAM --> Roles and click "Create role" in the top right corner.
- Mention the role name, and then choose a trusted entity according to your project or purpose. Right now, I am choosing an AWS account.
- Select AmazonS3FullAccess as the permission policy.
- Then add a meaningful role name that identifies this role, and optionally a description that explains what it is for.
- Check that the trust policy is correct, and then create the role.
- Once this is done, you can test the AssumeRole action with the AWS CLI by running the command below.
aws sts assume-role --role-arn arn:aws:iam::ACCOUNT-ID:role/RoleName --role-session-name session1
If you have an existing role, follow these steps:
- Go to IAM --> Roles and click on the role name.
- Below the summary, you can see the trust entities tab, which has the edit trust policy option. Click on it, modify the policy according to your project, and then click update trust policy.
- After this, run the command below in the AWS CLI to verify that the role can be assumed.
aws sts assume-role --role-arn arn:aws:iam::ACCOUNT-ID:role/RoleName --role-session-name session1
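
The "check that the trust policy is correct" step in both procedures, as an added example that is not part of the original page: a small Python review of the trust policy JSON copied from the edit trust policy view. The function names, the sample policy and the account ID 111122223333 are constructed for illustration.

```python
import json

# Constructed sample: the kind of trust policy produced when an AWS account is
# chosen as the trusted entity. 111122223333 is a made-up account id.
SAMPLE_TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole"
  }]
}"""

def _as_list(value):
    """IAM fields may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def review_trust_policy(policy_json, expected_account):
    """Return findings for a role trust policy; an empty list means nothing was flagged.
    Only the exact action name sts:AssumeRole is matched (no wildcard expansion)."""
    findings, grants = [], False
    for n, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal")
        aws = [principal] if isinstance(principal, str) else _as_list((principal or {}).get("AWS"))
        for p in aws:
            grants = True
            if p == "*":
                findings.append(f"statement {n}: wildcard principal, any AWS identity is trusted")
                continue
            # Principal is a bare 12-digit account id or an IAM ARN (account is field 5).
            account = p if p.isdigit() else ((p.split(":") + [""] * 5)[4] or None)
            if account != expected_account:
                findings.append(f"statement {n}: principal {p} is not in account {expected_account}")
            # Trusting the account root delegates the decision to that account's IAM policies.
            if (p.isdigit() or p.endswith(":root")) and not stmt.get("Condition"):
                findings.append(f"statement {n}: whole account {account} trusted with no Condition")
    if not grants:
        findings.append("no Allow statement lets an AWS principal call sts:AssumeRole")
    return findings

if __name__ == "__main__":
    for finding in review_trust_policy(SAMPLE_TRUST_POLICY, "111122223333"):
        print(finding)
```

Run it on the policy before clicking create or update; a finding about a whole account being trusted means any identity in that account that is allowed to call sts:AssumeRole can take the role and its attached permissions.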