1. Access to a principal in the source account (other than the source role)
  2. The principal has AssumeRole with resource * (never do that!), or access to change that principal’s policy to allow AssumeRole on the destination role. Note this likely implies the ability to allow AssumeRole on the source role in the same account.
  3. The source role’s trust policy does not allow this principal to assume it.
  4. The principal cannot change the source role’s trust policy.
  1. The principal has sts:AssumeRole on at least the destination role
  2. The source role’s trust policy does not allow the principal to assume it

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store