After long search i found as per my requirement the Perfect Example for "Grant the user to assume a role" Thank you and it worked for me keep making us to learn new thing
I have been following along this lab, and besides the Trust Policy, there is a need to create another Identity Policy for user Paul in order to be able to assume the role. The policy also contains "sts:AssumeRole" but this one has to have the attribute "Resource" pointing to the role name, e.g.: "Resource": "arn:aws:iam::123456789012:role/PlainUserS3ReadOnlyRole". I have watched your other video about Roles "Use Cases for AWS Identity and Access Management (IAM) Roles" where you do explain that it is also needed an Identity-Policy on the trusted account to assume the role prior to trying to assume it on the trusting account, that is the reason I fail to understand why you did not include that in this lab.
I'm still confused about this, in cross-account access I created IAM role and also created IAM policy and attach it to the role. Then, login from another account and switch the role and get access to necessary resources on the main account. But in this video, the creator doesn't create any IAM policy??
It is an emerging platform which offers access (paid) to virtual labs, had been a worst experience and lot of issues comes out as I use. Don't squander your time and money if you're planning to buy the virtual lab.
After long search i found as per my requirement the Perfect Example for "Grant the user to assume a role" Thank you and it worked for me keep making us to learn new thing
Very simple and clear! Finally I understand what assuming a role does. Thank you!
One of the best tutorial i have ever seen
Simple and clear... so good!
Regards from Brazil
you saved my life
I have been following along this lab, and besides the Trust Policy, there is a need to create another Identity Policy for user Paul in order to be able to assume the role. The policy also contains "sts:AssumeRole" but this one has to have the attribute "Resource" pointing to the role name, e.g.: "Resource": "arn:aws:iam::123456789012:role/PlainUserS3ReadOnlyRole". I have watched your other video about Roles "Use Cases for AWS Identity and Access Management (IAM) Roles" where you do explain that it is also needed an Identity-Policy on the trusted account to assume the role prior to trying to assume it on the trusting account, that is the reason I fail to understand why you did not include that in this lab.
I'm still confused about this, in cross-account access I created IAM role and also created IAM policy and attach it to the role. Then, login from another account and switch the role and get access to necessary resources on the main account. But in this video, the creator doesn't create any IAM policy??
Great worke
Superb
Thanks a lot
please create tutorial for hostgator hosting
It is an emerging platform which offers access (paid) to virtual labs, had been a worst experience and lot of issues comes out as I use. Don't squander your time and money if you're planning to buy the virtual lab.