Amazon Web Services
Vadim, 2020-06-05 15:32:52

How to add policy to assumed user? Or why is it not possible?

Hello everyone,

With the help of

aws sts assume-role --role-arn arn:aws:iam::123456789012:role/miniadmin --role-session-name temporary


I get user credentials which I then use as env variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, and call various functions like
aws ec2 describe-instances, etc.

In account 123456789012 there is also an access policy (s3bucketput) that I would like to add to the existing/temporary session user. It seems that the miniadmin role has full access to IAM in this account. The question is how to do it. The call

aws iam attach-user-policy --policy-arn arn:aws:iam::123456789012:policy/s3bucketput --user-name miniadmin
returns that there is no user miniadmin, which is generally true. Yet in the AWS console I can add this policy (s3bucketput) to the miniadmin role with no problem! But it needs to be done from the CLI.

good day and night)
Vadim

1 answer(s)
Vadim, 2020-06-06
@Viji

Everything works, Ivan Shumov )) - you just need to add the desired policies when calling
sts assume-role using the argument --policy-arns (list)
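
The two CLI routes discussed in this thread, as an added example that is not part of the original posts: passing the managed policy as a session policy via --policy-arns, and attaching it to the role itself (the CLI equivalent of the console action from the question). The function names are hypothetical; the account ID, role and policy names are the ones from the question. Note that AWS evaluates session policies as an intersection with the role's own policies, so --policy-arns can only narrow what miniadmin already allows.

```shell
# Values taken from the question; the function names are made up for this example.
ROLE_ARN="arn:aws:iam::123456789012:role/miniadmin"
POLICY_ARN="arn:aws:iam::123456789012:policy/s3bucketput"

# Route 1: assume the role with the managed policy passed as a session policy,
# then export the temporary credentials for later aws calls.
# Effective permissions = (policies attached to the role) AND (session policies),
# so this session is limited to what s3bucketput and the role both allow.
assume_with_session_policy() {
  creds=$(aws sts assume-role \
    --role-arn "$ROLE_ARN" \
    --role-session-name temporary \
    --policy-arns "arn=$POLICY_ARN" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || return 1
  # --output text prints the three selected fields on one whitespace-separated line.
  set -f              # no globbing while splitting the line into fields
  set -- $creds
  set +f
  if [ "$#" -ne 3 ]; then
    echo "unexpected assume-role output" >&2
    return 1
  fi
  export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
}

# Route 2: grant the permission to the role itself. attach-user-policy fails
# because miniadmin is a role, not an IAM user; roles use attach-role-policy.
# The caller needs iam:AttachRolePolicy, and the change applies to every
# future session of the role, not just the current one.
attach_policy_to_role() {
  aws iam attach-role-policy \
    --role-name miniadmin \
    --policy-arn "$POLICY_ARN"
}
```

A role that is allowed to call iam:AttachRolePolicy on itself can grant itself any permission, so miniadmin should be reviewed and monitored as if it were a full administrator.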
