gwsu2008 · February 5, 2021 23:28
diff --git a/iam assume role b/iam assume role
 first configure role to allow assume role in trust relationship
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::12345678:user/xyz",
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
 }

 create iam policy to assume role
 {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "arn:aws:iam::12345678:role/my-role"
    }
 }

 ec2-instance
 [profile sandbox]
 output = json
 region = us-west-2
 role_arn = arn:aws:iam::1111111111:role/my-role
 credential_source = Ec2InstanceMetadata
	first configure role to allow assume role in trust relationship
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Principal": {
	"AWS": "arn:aws:iam::12345678:user/xyz",
	"Service": "ec2.amazonaws.com"
	},
	"Action": "sts:AssumeRole"
	}
	]
	}

	create iam policy to assume role
	{
	"Version": "2012-10-17",
	"Statement": {
	"Effect": "Allow",
	"Action": "sts:AssumeRole",
	"Resource": "arn:aws:iam::12345678:role/my-role"
	}
	}

	ec2-instance
	[profile sandbox]
	output = json
	region = us-west-2
	role_arn = arn:aws:iam::1111111111:role/my-role
	credential_source = Ec2InstanceMetadata