Allow OperatorUser to switch role

ℹ️ When the OperatorUser is created, no permissions are assigned to it. To let the OperatorUser assume the AdminRole, you must grant it permission to make that role transition.

  1. Once the IAM Role AdminRole and IAM User OperatorUser have been created, follow these steps to configure the necessary permissions:

    • Navigate to the main interface of the IAM service.
    • Click on Users.
    • Select the OperatorUser from the list.

  2. To grant the required permissions, proceed with the following:

    • Click on Add inline policy.

⚠️ The inline policy is assigned directly to the specific IAM User and will not be shared with other IAM Users.

  3. Configure the policy by following these steps:

    • Click on the JSON tab.
    • Enter the policy content below, replacing <ACCOUNTID> with your actual account ID, and confirm that the AdminRole role has already been created.
    • This policy allows the IAM User to assume the AdminRole role in the specified account.
    • After configuring the policy content, click Review Policy.

{
   "Version": "2012-10-17",
   "Statement": {
       "Effect": "Allow",
       "Action": "sts:AssumeRole",
       "Resource": "arn:aws:iam::<ACCOUNTID>:role/AdminRole"
   }
}

  4. Name the inline policy AllowSwitchAdminPolicy.

    Click Create Policy.
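
A pre-flight check for the inline policy above, as an added example that is not part of the original workshop: it confirms that the document grants nothing beyond sts:AssumeRole on AdminRole in the expected account and that <ACCOUNTID> was replaced. The names check_switch_policy and as_list and the account ID 123456789012 are assumptions made for illustration.

```python
import json
import re

# Only ARN shape the page's inline policy should reference (12-digit account ID).
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/AdminRole$")

# The page's policy with its <ACCOUNTID> placeholder left in place.
PAGE_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::<ACCOUNTID>:role/AdminRole"
  }
}"""

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def check_switch_policy(policy_json, account_id):
    """Return a list of problems; an empty list means the policy grants nothing
    beyond sts:AssumeRole on AdminRole in the expected account."""
    problems = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            problems.append(f"statement {i}: NotAction/NotResource grants by exclusion")
        for action in as_list(stmt.get("Action", [])):
            if action.lower() != "sts:assumerole":  # IAM action names are case-insensitive
                problems.append(f"statement {i}: unexpected action {action!r}")
        for arn in as_list(stmt.get("Resource", [])):
            match = ROLE_ARN.match(arn)
            if "<ACCOUNTID>" in arn:
                problems.append(f"statement {i}: <ACCOUNTID> placeholder not replaced")
            elif match is None:
                problems.append(f"statement {i}: resource {arn!r} is not the AdminRole ARN")
            elif match.group(1) != account_id:
                problems.append(f"statement {i}: role is in account {match.group(1)}")
    return problems

if __name__ == "__main__":
    account = "123456789012"  # constructed sample account ID
    print(check_switch_policy(PAGE_TEMPLATE, account))
    print(check_switch_policy(PAGE_TEMPLATE.replace("<ACCOUNTID>", account), account))
```

The check covers only the user's side of the switch: the trust policy on AdminRole must also allow OperatorUser (or its account) as a principal before the role can be assumed.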
