AWS support for roles


fabiopedrosa

AWS support for roles

Although WinSCP allows us to choose a profile, it doesn't allow us to assume a role.

Profiles are defined in ~/.aws/credentials but roles are defined in ~/.aws/config such as:

```ini
[profile management]
role_arn=arn:aws:iam::110049787138:role/AwsCrossAccountAdministrator
region=us-west-2
source_profile=terraform_credentials
role_session_name=terraform-configuration
```


szasza

Clarification on roles

Hi Martin,

So how AWS works is that your IAM user can have multiple IAM roles, sometimes in different AWS accounts. Scenario: I have a user created in AWS account A, but I want to access a bucket in account B.

One achieves this by authenticating with AWS using the various credentials, and then assuming a role in account B. As @fabiopedrosa described, the access ID and secret key (Account A) get read from .aws/credentials, but the role_arn (the role in Account B we want to assume) is stored in .aws/config (role_arn). The respective API call for assuming a role is described here: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html

It is also important to note that this role is attached to the IAM user. I am not talking about the EC2 instance's instance role which was implemented in Issue 2089 – Allow S3 connection with IAM role instead of credentials.
