0

I have a client that has entrusted me with his seller central access key id and secret access key but when I use it creating IAM role and user policy and calling the API. It returns this call is for getOrder.

"getOrder Roles may not be assumed by root accounts"

What is the workaround for this?

this is the actual response from the API

Error executing "AssumeRole" on "https://sts.us-east-1.amazonaws.com"; AWS HTTP error: Client error: `POST https://sts.us-east-1.amazonaws.com` resulted in a `403 Forbidden` response: 
<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <Error>
    <Type>Sender</Type>
    `enter code here`<Code>AccessDeni (truncated...)
 AccessDenied (client): Roles may not be assumed by root accounts. - <ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <Error>
    <Type>Sender</Type>
    <Code>AccessDenied</Code>
    <Message>Roles may not be assumed by root accounts.</Message>
  </Error>
  <RequestId>0123456789</RequestId>
</ErrorResponse>
Andrei dev
  • 35
  • 1
  • 9

1 Answers1

0

You shoudn't use root user for day-to-day operations on your account. Instead you should use IAM user. If you don't have any IAM users for your own use, you have to create one with permissions to assume a role. Then you can use the user to assume the role that you are trying to use.

Marcin
  • 215,873
  • 14
  • 235
  • 294
  • I'm not sure If I'm using root user as I created a new IAM user and role for myself with policy "execute-api:Invoke" – Andrei dev Feb 27 '22 at 06:40
  • @Andreidev The error msg says you are using root account. You have to double check all the access keys that you are using and how. – Marcin Feb 27 '22 at 06:41