Isabella Li
Asked: May 17, 2022 In: javascript

Error: is not authorized to perform sts assumerole on resource – how to solve it?


I have the following javascript code, but I do not know how to find the correct result. Why has this problem occurred, and how can it be solved? Here is the code that I am running:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "some-large-id",
      "Effect": "Allow",
      "Action": [
        "sts:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "another-large-id",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket-name/*"
      ]
    }
  ]
}

let policy = {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "new-custom-id",
      "Effect": "Allow",
      "Action": ["s3:PutObject"],
      "Resource": ["arn:aws:s3:::my-bucket-name/*"]
    }
  ]
};

let params = {
  DurationSeconds: 3600,
  ExternalId: 'some-value',
  Policy: JSON.stringify(policy),
  RoleArn: "arn:aws:iam::NUMBER:role/ROLE-NAME", // Checked: the role is the same as in step one
  RoleSessionName: this.makeNewSessionId()
};
let sts = new AWS.STS({ apiVersion: '2012-08-10' });

sts.assumeRole(params, (err, data) => {
  if (err) console.log(err);
  else console.log(data);
});

And this is the error text I receive:

the user is not authorized to perform sts:AsumeRole on resource xxx
2 Answers

  1. Best Answer
    lyytutoria Expert
    Added an answer on June 6, 2022 at 3:14 pm

    The cause:

    This error happens because the name of the IAM role in AWS does not match the corresponding group in the directory and the DAG is not listed as a principal by the trust relationship of the IAM role's AWS settings.

    Solution:

    The trust relationship policy document of the IAM role needs to be checked to confirm that your user is still in it. You should also ensure that the IAM user has permissions that allow them to take on that role.

    The trust relationship looks like the one below:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": [
              "arn:aws:iam::1234567890:user/person"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
  2. Juliette Meyer
    Added an answer on May 25, 2022 at 8:04 pm

    You must establish a trust relationship depending on the role you wish to play, such as using the STS Java V2 API (not Node). You must specify who you trust in the trust relationship. Example:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::<AWS Account ID>:user/JohnDoe" // Specify the AWS ARN of your IAM user.
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

    You can now, for instance, execute a Java program that invokes the assumeRole operation.

    package com.example.sts;

    import software.amazon.awssdk.regions.Region;
    import software.amazon.awssdk.services.sts.StsClient;
    import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
    import software.amazon.awssdk.services.sts.model.StsException;
    import software.amazon.awssdk.services.sts.model.AssumeRoleResponse;
    import software.amazon.awssdk.services.sts.model.Credentials;
    import java.time.Instant;
    import java.time.ZoneId;
    import java.time.format.DateTimeFormatter;
    import java.time.format.FormatStyle;
    import java.util.Locale;

    /**
     * To make this code example work, create a Role that you want to assume.
     * Then define a Trust Relationship in the AWS Console. You can use this as an example:
     *
     * {
     *   "Version": "2012-10-17",
     *   "Statement": [
     *     {
     *       "Effect": "Allow",
     *       "Principal": {
     *         "AWS": "<Specify the ARN of your IAM user you are using in this code example>"
     *       },
     *       "Action": "sts:AssumeRole"
     *     }
     *   ]
     * }
     *
     * For more information, see "Editing the Trust Relationship for an Existing Role" in the AWS Directory Service guide.
     */

    public class AssumeRole {

        public static void main(String[] args) {

            String roleArn = "arn:aws:iam::000540000000:role/s3role"; // args[0];
            String roleSessionName = "mysession101"; // args[1];

            Region region = Region.US_EAST_1;
            StsClient stsClient = StsClient.builder()
                    .region(region)
                    .build();

            try {
                AssumeRoleRequest roleRequest = AssumeRoleRequest.builder()
                        .roleArn(roleArn)
                        .roleSessionName(roleSessionName)
                        .build();

                AssumeRoleResponse roleResponse = stsClient.assumeRole(roleRequest);

                Credentials myCreds = roleResponse.credentials();

                // Read the time when the temporary credentials expire
                Instant exTime = myCreds.expiration();

                // Convert the Instant to a readable date
                DateTimeFormatter formatter =
                        DateTimeFormatter.ofLocalizedDateTime(FormatStyle.SHORT)
                                .withLocale(Locale.US)
                                .withZone(ZoneId.systemDefault());

                // Print the formatted value rather than the raw Instant
                String formattedDateTime = formatter.format(exTime);
                System.out.println("The temporary credentials expire on " + formattedDateTime);

            } catch (StsException e) {
                System.err.println(e.getMessage());
                System.exit(1);
            }

        }
    }

    This code will not work if the Trust Relationship is not set.

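Both answers point at the same two policies: the caller's identity policy and the role's trust policy. The following is an added JavaScript example, not part of either answer and not an AWS SDK API, that checks each policy locally and reports which one would block `sts:AssumeRole`. The function names and the sample ARNs and policies are constructed for illustration, and the check is a simplification that ignores Deny statements, Condition blocks such as ExternalId, and NotAction/NotPrincipal.

```javascript
// Added example, not an AWS API: a simplified local check of the two policies
// the answers point at. Deny statements, Condition blocks (e.g. ExternalId)
// and NotAction/NotPrincipal are ignored, so this is a triage aid only.
const asList = (v) => (Array.isArray(v) ? v : [v]);

// IAM-style wildcard match: "*" is any run of characters, "?" is one character.
function wildcardMatch(pattern, value, ignoreCase = false) {
  const body = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${body}$`, ignoreCase ? "i" : "").test(value);
}

const coversAssumeRole = (s) => s.Effect === "Allow" &&
  asList(s.Action).some((a) => wildcardMatch(a, "sts:AssumeRole", true));

// Caller side: does any identity policy allow sts:AssumeRole on this role ARN?
function identityAllows(policies, roleArn) {
  return policies.some((p) => asList(p.Statement).some((s) =>
    coversAssumeRole(s) && asList(s.Resource).some((r) => wildcardMatch(r, roleArn))));
}

// Role side: does the trust policy name the caller, or the caller's account?
function trustAllows(trustPolicy, callerArn) {
  const account = callerArn.split(":")[4];
  return asList(trustPolicy.Statement).some((s) => {
    const aws = s.Principal === "*" ? ["*"] : asList((s.Principal || {}).AWS || []);
    return coversAssumeRole(s) && aws.some((p) => p === "*" || p === callerArn ||
      p === account || p === `arn:aws:iam::${account}:root`);
  });
}

// Returns one finding per failed check; an empty array means both passed.
function diagnoseAssumeRole({ callerArn, roleArn, identityPolicies, trustPolicy }) {
  const findings = [];
  if (!identityAllows(identityPolicies, roleArn))
    findings.push(`identity policy: no Allow for sts:AssumeRole on ${roleArn}`);
  if (!trustAllows(trustPolicy, callerArn))
    findings.push(`trust policy: ${callerArn} is not a trusted Principal`);
  return findings;
}

// Constructed sample input: ARNs reuse the placeholder account from the first answer.
const callerArn = "arn:aws:iam::1234567890:user/person";
const roleArn = "arn:aws:iam::1234567890:role/ROLE-NAME";
const stsAll = { Version: "2012-10-17", Statement: [{ Effect: "Allow", Action: ["sts:*"], Resource: ["*"] }] };
const trustServiceOnly = { Version: "2012-10-17", Statement: [{ Effect: "Allow", Principal: { Service: "ec2.amazonaws.com" }, Action: "sts:AssumeRole" }] };
const trustUser = { Version: "2012-10-17", Statement: [{ Effect: "Allow", Principal: { AWS: [callerArn] }, Action: "sts:AssumeRole" }] };
console.log(diagnoseAssumeRole({ callerArn, roleArn, identityPolicies: [stsAll], trustPolicy: trustServiceOnly }));
console.log(diagnoseAssumeRole({ callerArn, roleArn, identityPolicies: [stsAll], trustPolicy: trustUser }));
```

The first call reproduces the situation in the question: the user's `sts:*` policy passes, but the role's trust policy does not name the user, so only the trust finding is returned.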
