
I created a new policy

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole",
        "sts:AssumeRoleWithSAML",
        "sts:AssumeRoleWithWebIdentity"
      ],
      "Resource": "*"
    }
  ]
}
```

  • I've added this policy as "Add permissions" to the user.
  • I've added the policy to a group and added the user to this group
  • I've added the policy to a role and edited the Trust Relationship

This is the trusted relationship definition

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "apigateway.amazonaws.com",
          "lambda.amazonaws.com",
          "events.amazonaws.com"
        ],
        "AWS": [
          "<user_arn>"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

However, when calling

```bash
aws sts assume-role --role-arn "arn:aws:quicksight:us-east-1:<user_id>:user/default/..." --role-session-name test-session
```

I still receive an access denied?

wasp256
  • what do you mean? – wasp256 Jul 09 '19 at 04:45
  • Sometimes if you try to assume a role you get a long message filled with lots of numbers and letters that you need to use, I think it's [sts:decodeAuthorizationMessage](https://docs.aws.amazon.com/cli/latest/reference/sts/decode-authorization-message.html) or something, to decode. Sometimes you get it, sometimes you don't. – Tim Jul 09 '19 at 04:48
  • When calling the above command `aws sts assume-role...` I get only the error back `An error occurred (AccessDenied) when calling the AssumeRole operation: Access denied` – wasp256 Jul 09 '19 at 04:51
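
An offline pre-flight check for the setup described in the question, added here as an example and not code from any poster in this thread: it tests the three things an `assume-role` call depends on, namely that `--role-arn` is an IAM role ARN, that the caller's identity policy allows `sts:AssumeRole` on it, and that the role's trust policy names the caller. The function names, account ID, user and role names are assumptions made for the example. The check is deliberately stricter and simpler than AWS's evaluation: it always requires both policies to allow, matches only literal ARNs or `"*"`, and ignores `Deny` statements and conditions.

```python
import re

# Shape of an IAM role ARN, the only kind of ARN sts:AssumeRole accepts.
ROLE_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::\d{12}:role/[\w+=,.@/-]+$")

def as_list(value):
    """IAM JSON fields may hold either a single string or a list."""
    return value if isinstance(value, list) else [value]

def identity_allows(policy, role_arn):
    """Allow statement granting sts:AssumeRole on role_arn (literal or "*" only)."""
    for st in as_list(policy["Statement"]):
        if (st.get("Effect") == "Allow"
                and {"sts:AssumeRole", "sts:*", "*"} & set(as_list(st.get("Action", [])))
                and {role_arn, "*"} & set(as_list(st.get("Resource", [])))):
            return True
    return False

def trust_names_caller(trust, caller_arn):
    """Trust statement that lists caller_arn under Principal.AWS (exact match only)."""
    for st in as_list(trust["Statement"]):
        principal = st.get("Principal", {})
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") == "Allow" and caller_arn in aws
                and "sts:AssumeRole" in as_list(st.get("Action", []))):
            return True
    return False

def preflight(role_arn, caller_arn, identity_policy, trust_policy):
    """Return reasons an assume-role call would be denied; empty list means none found."""
    findings = []
    if not ROLE_ARN.match(role_arn):
        findings.append("role-arn is not an IAM role ARN")
    if not identity_allows(identity_policy, role_arn):
        findings.append("identity policy does not allow sts:AssumeRole on role-arn")
    if not trust_names_caller(trust_policy, caller_arn):
        findings.append("trust policy does not name the caller")
    return findings

# Constructed sample data: account ID, user and role names are placeholders.
CALLER = "arn:aws:iam::111122223333:user/example-user"
IDENTITY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sts:AssumeRole"], "Resource": "*"}]}
TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": [CALLER]}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for arn in ("arn:aws:quicksight:us-east-1:111122223333:user/default/example-user",
                "arn:aws:iam::111122223333:role/example-role"):
        print(arn, "->", preflight(arn, CALLER, IDENTITY, TRUST) or "no findings")
```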
