I have the following JavaScript code, but I do not know how to find the correct result. Why has this problem occurred, and how can it be solved? Here is the code that I am running:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "some-large-id",
      "Effect": "Allow",
      "Action": [
        "sts:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "another-large-id",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket-name/*"
      ]
    }
  ]
}

let policy = {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "new-custom-id",
      "Effect": "Allow",
      "Action": ["s3:PutObject"],
      "Resource": ["arn:aws:s3:::my-bucket-name/*"]
    }
  ]
};
let params = {
  DurationSeconds: 3600,
  ExternalId: 'some-value',
  Policy: JSON.stringify(policy),
  RoleArn: "arn:aws:iam::NUMBER:role/ROLE-NAME", // Checked, role is the same as in step one
  RoleSessionName: this.makeNewSessionId()
};
let sts = new AWS.STS({ apiVersion: '2012-08-10' });
sts.assumeRole(params, (err, data) => {
  if (err) console.log(err);
  else console.log(data);
});
And this is the error text I receive:
the user is not authorized to perform sts:AssumeRole on resource xxx
The cause:
This error happens because the name of the IAM role in AWS does not match the corresponding group in the directory, and the DAG is not listed as a principal in the trust relationship of the IAM role's AWS settings.
Solution:
The trust relationship policy document of the IAM role needs to be checked to confirm that your user is still in it. You should also ensure that the IAM user has permissions that allow them to take on that role.
The trust relationship should look like the following:
You must establish a trust relationship for the role you wish to assume. Whichever SDK you use, such as the STS Java V2 API (not Node), you must specify who you trust in the trust relationship. Example:
You can now, for instance, execute a Java program that invokes the assumeRole operation.
This code will not work if the Trust Relationship is not set.
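The two checks from the solution above, as an added JavaScript example that is not part of the original page: the caller's identity policy must allow sts:AssumeRole on the role, and the role's trust policy must name the caller as a principal. It is a simplified offline model, not AWS's evaluation logic; the account ID 111122223333, the user name uploader and all function names are assumptions made for illustration.

```javascript
// Simplified model: Allow statements only (no Deny, NotAction, SCPs, boundaries).
const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM-style wildcards: '*' matches any run of characters, '?' exactly one.
function wildcard(pattern, value, ignoreCase = false) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${re}$`, ignoreCase ? 'i' : '').test(value);
}

// Identity side: does the caller's own policy allow `action` on `resource`?
function identityAllows(policy, action, resource) {
  return asList(policy.Statement).some((s) => s.Effect === 'Allow' &&
    asList(s.Action).some((a) => wildcard(a, action, true)) &&
    asList(s.Resource).some((r) => wildcard(r, resource)));
}

// Trust side: does the role's trust policy name the caller (or its account)?
function trustAllows(trustPolicy, callerArn, externalId) {
  const account = callerArn.split(':')[4];
  return asList(trustPolicy.Statement).some((s) => {
    if (s.Effect !== 'Allow') return false;
    if (!asList(s.Action).some((a) => wildcard(a, 'sts:AssumeRole', true))) return false;
    const named = asList(s.Principal && s.Principal.AWS).some((p) =>
      p === callerArn || p === account || p === `arn:aws:iam::${account}:root`);
    const wanted = s.Condition && s.Condition.StringEquals &&
      s.Condition.StringEquals['sts:ExternalId'];
    return named && (wanted === undefined || asList(wanted).includes(externalId));
  });
}

// Report both sides so the missing one is obvious.
function diagnose(identity, trust, caller, role, externalId) {
  return { identity: identityAllows(identity, 'sts:AssumeRole', role),
           trust: trustAllows(trust, caller, externalId) };
}

// Constructed sample data; 111122223333 and "uploader" are placeholders.
const ROLE = 'arn:aws:iam::111122223333:role/ROLE-NAME';
const CALLER = 'arn:aws:iam::111122223333:user/uploader';
const identityPolicy = { Statement: [{ Effect: 'Allow', Action: ['sts:*'], Resource: ['*'] }] };
const emptyTrust = { Statement: [] };
const fixedTrust = { Version: '2012-10-17', Statement: [{
  Effect: 'Allow', Principal: { AWS: CALLER }, Action: 'sts:AssumeRole',
  Condition: { StringEquals: { 'sts:ExternalId': 'some-value' } } }] };

console.log(diagnose(identityPolicy, emptyTrust, CALLER, ROLE, 'some-value'));
console.log(diagnose(identityPolicy, fixedTrust, CALLER, ROLE, 'some-value'));
```

With the identity policy from the question (`sts:*` on `*`), the first call reports the identity side as satisfied and the trust side as missing, which is the situation the solution describes.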