CloudMormation IAM Role - AssumeRolePolicyDocument

Question

CloudMormation IAM Role - AssumeRolePolicyDocument

So, I am creating a cf stack for a role in AWS, and I do not know how to do this in the AssumeRolePolicyDocument field when developing a non-resource based role.

All the examples I tried to view have a specific AWS resource specified in the "Principal" field (for example, "Service": "ec2.amazonaws.com" ).

What is the correct way to use the AssumeRolePolicyDocument field for roles intended for users and not resources?

+5

amazon-web-services amazon-iam amazon-cloudformation amazon-policy

Sam S. Jan 31 '17 at 15:55

source share

1 answer

wjordan · Accepted Answer · 2017-01-31T16:19:27+0000

You can specify the AWS IAM user using the AWS key instead of Service as the Principal for the role policy document, including AssumeRolePolicyDocument:

 "Principal": { "AWS": "arn:aws:iam::AWS-account-ID:user/user-name" }

For more information, see Principal Specification in IAM Policy Elements.

CloudMormation IAM Role - AssumeRolePolicyDocument

More articles: