CloudFormation IAM Role -- AssumeRolePolicyDocument
You can specify an AWS IAM user using the AWS key instead of Service as the Principal for a role policy document, including an AssumeRolePolicyDocument:
"Principal": { "AWS": "arn:aws:iam::AWS-account-ID:user/user-name" }
Refer to the Specifying a Principal section of the IAM Policy Elements Reference for full details.
Author: Sam S.
Updated on June 07, 2022
Comments
- Sam S. almost 2 years: So I'm constructing a cf stack for a role in AWS and I don't know how to go about the AssumeRolePolicyDocument field when designing a role that is not resource-based. All the examples I've tried to look up each have a specific AWS resource designated under the "Principal" field (e.g. "Service": "ec2.amazonaws.com"). What's the correct way to go about the AssumeRolePolicyDocument field for roles that are designed for users, not resources?
- wjordan about 7 years: Could you provide more context on the problem you're trying to solve, for example, what sort of use-case are you designing the role for?
- Sam S. about 7 years: This is just for a dev role for a specific engineering division. You answered the question perfectly below! Thanks.
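The trust policy from the answer, placed in a complete CloudFormation role resource, as an added example that is not part of the original thread. It is written in YAML so the assumptions can be commented; the `DevUserName` parameter, the `DevRole` logical ID, the MFA condition and the attached `ReadOnlyAccess` policy are illustrative choices, not details from the question.

```yaml
# Added example, not from the original thread. DevUserName and DevRole
# are hypothetical names chosen for illustration.
AWSTemplateFormatVersion: "2010-09-09"
Description: Role assumable by a named IAM user rather than an AWS service

Parameters:
  DevUserName:
    Type: String
    Description: Existing IAM user in this account allowed to assume the role

Resources:
  DevRole:
    Type: AWS::IAM::Role
    Properties:
      MaxSessionDuration: 3600   # seconds; 3600 is the minimum and the default
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              # "AWS" key instead of "Service", as the answer describes
              AWS: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:user/${DevUserName}"
            Action: sts:AssumeRole
            # Assumption: the team wants MFA on role assumption.
            # Remove the Condition block if that does not apply.
            Condition:
              Bool:
                aws:MultiFactorAuthPresent: "true"
      # The trust policy above only controls who may assume the role.
      # What the role can do is granted separately; ReadOnlyAccess is a
      # stand-in for whatever the dev role actually needs.
      ManagedPolicyArns:
        - !Sub "arn:${AWS::Partition}:iam::aws:policy/ReadOnlyAccess"

Outputs:
  DevRoleArn:
    Description: ARN to pass to sts:AssumeRole
    Value: !GetAtt DevRole.Arn
```

The named user must already exist when the stack is created; IAM rejects a trust policy whose principal ARN does not resolve.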