1. Access to a principal in the source account (other than the source role)
  2. The principal has AssumeRole with resource * (never do that!), or access to change that principal’s policy to allow AssumeRole on the destination role. Note this likely implies the ability to allow AssumeRole on the source role in the same account.
  3. The source role’s trust policy does not allow this principal to assume it.
  4. The principal cannot change the source role’s trust policy.
  1. The principal has sts:AssumeRole on at least the destination role
  2. The source role’s trust policy does not allow the principal to assume it

--

--

--

Cloud Robotics Research Scientist at @iRobot

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Building a dynamic AWS Pipeline with CDK

CS373 Fall 2021 Week 3: Nathan Eisenberg

Would you like to store values? Think of a Variable :)

How To Get Paid To Test (Up To $300 Per Test) | 2019

Stream your data to Power BI with Python

Join Swash, Streamr, and Ocean Protocol at the World Ethical Data Forum — Wednesday 17 March 2021

GCP CIS Benchmark Terraform Module Testing with Chef Inspec, Kitchen-Terraform & GitHub Actions —…

Setting Up AWS EC2 Instance for Beginners

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ben Kehoe

Ben Kehoe

Cloud Robotics Research Scientist at @iRobot

More from Medium

Infrastructure pipelines: How are they different from application CDs?

Why Encrypting Your CloudWatch Logs With KMS Is Easier Than You Think

Compliance Checking in AWS

TrackIt AWS Terminator