'Can IAM user be assumed from IAM Role within the same account?

We have an IAM user and an IAM Role in account A. The IAM user can access S3 bucket in account B but IAM role can't access it.

We want to access S3 bucket in account B with IAM role (We don't own account B hence don't want to bother the owner of account B)

Can we make IAM role to assume the IAM user within the same account A, and then access the S3 bucket in account B.

amazon-iam


Solution 1:[1]

No, an IAM role cannot assume an IAM user. IAM users cannot be assumed. The only way to use the IAM user is to use the IAM user's credentials, either the API Key/Secret or the username/password via the console.

The best solution will be to have account B update the bucket policy to trust the account A root instead of a specific IAM user.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 cementblocks

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function