You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
now if I run the ~same (without --no-session) command from a aws-vault exec sandbox aws sts assume-role --role-arn "arn:aws:iam::REDACTED:role/redacted" --role-session-name toto
I get
An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:iam::REDACTED:user/redacted is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::REDACTED:role/redacted
arn:aws:iam::REDACTED:user/redacted IS allowed to assume the role since outside aws-vault it works. Apparently aws-vault gets me into a special kind of session for my own user (short term credentials) https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html that could limit my capabilities to assume a role ?
Reading the doc https://github.com/99designs/aws-vault/blob/master/USAGE.md#session-duration (and the aws official one) I could not find anything about these limitations . did I miss anything in my IAM configuration or is this an aws-vault fault ? would it work with mfa ?
The text was updated successfully, but these errors were encountered:
I think I lack knowledge about how AWS works. This might be a generic AWS question but also could be worth making clearer.
I have a role ROLE I successfully assume with
now if I run the ~same (without
--no-session
) command from aaws-vault exec sandbox aws sts assume-role --role-arn "arn:aws:iam::REDACTED:role/redacted" --role-session-name toto
I get
arn:aws:iam::REDACTED:user/redacted
IS allowed to assume the role since outside aws-vault it works. Apparently aws-vault gets me into a special kind of session for my own user (short term credentials) https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html that could limit my capabilities to assume a role ?Reading the doc https://github.com/99designs/aws-vault/blob/master/USAGE.md#session-duration (and the aws official one) I could not find anything about these limitations . did I miss anything in my IAM configuration or is this an aws-vault fault ? would it work with mfa ?
The text was updated successfully, but these errors were encountered: