
Assuming roles for temporary access in AWS - Mini Project: Build & Apply

Assuming Roles for Temporary Access in AWS
📖 Scenario: You are managing AWS resources and want to allow a user to temporarily access another AWS account's resources securely. This is done by assuming a role that grants temporary permissions.
🎯 Goal: Create an AWS IAM role trust policy and write the AWS CLI command to assume that role for temporary access.
📋 What You'll Learn
Create a trust policy JSON that allows a specific AWS account to assume the role
Define the role name as TemporaryAccessRole
Write the AWS CLI command to assume the role using the exact role ARN
Use the session name TempSession in the assume-role command
💡 Why This Matters
🌍 Real World
Temporary access by assuming roles is a common practice to securely delegate permissions across AWS accounts without sharing long-term credentials.
💼 Career
Understanding role assumption and trust policies is essential for AWS administrators, security engineers, and cloud architects to manage secure access and permissions.
Step 1: Create the trust policy JSON
Create a variable called trust_policy and assign it a JSON string that allows the AWS account with ID 123456789012 to assume the role. The policy must have Version set to "2012-10-17" and a Statement with Effect set to "Allow", Principal with "AWS": "arn:aws:iam::123456789012:root", and Action set to "sts:AssumeRole".
Hint: Use a JSON string with the exact keys and values for the trust policy.

Step 2: Define the role name
Create a variable called role_name and set it to the string "TemporaryAccessRole".
Hint: Assign the exact string "TemporaryAccessRole" to the variable role_name.

Step 3: Write the AWS CLI assume-role command
Create a variable called assume_role_command and assign it the AWS CLI command string to assume the role. Use the role ARN arn:aws:iam::123456789012:role/TemporaryAccessRole and the session name TempSession. The command should start with aws sts assume-role.
Hint: Use the exact role ARN and session name in the AWS CLI command string.

Step 4: Complete the role creation command
Create a variable called create_role_command and assign it the AWS CLI command string to create the IAM role named TemporaryAccessRole with the trust policy stored in trust_policy. Use the command aws iam create-role with --role-name and --assume-role-policy-document options. Assume the trust policy is saved in a file called trust-policy.json.
Hint: Use the exact AWS CLI syntax to create the role with the trust policy file.
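
The four steps above, put together as an added example (not the tutorial's own solution code). It builds the trust policy and both CLI command strings from the exercise values; review_trust_policy, as_list and cli_commands are hypothetical helper names, and the review rules are an assumption about what a reviewer would flag in a trust policy.

```python
import json
import shlex

# Values taken from the exercise text.
ACCOUNT_ID = "123456789012"
ROLE_NAME = "TemporaryAccessRole"
SESSION_NAME = "TempSession"

def build_trust_policy(account_id):
    """Trust policy from step 1: the account root may call sts:AssumeRole."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
        "Action": "sts:AssumeRole",
    }]}

def as_list(value):
    """IAM JSON lets single values appear bare or inside a list."""
    return value if isinstance(value, list) else [value]

def review_trust_policy(policy):
    """Hypothetical reviewer: flag broad principals on AssumeRole grants."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            if arn == "*":
                findings.append(f"statement {i}: any AWS principal is trusted")
            elif arn.endswith(":root") and not stmt.get("Condition"):
                findings.append(f"statement {i}: {arn} trusted with no Condition")
    return findings

def cli_commands(account_id, role_name, session_name, policy_file="trust-policy.json"):
    """Build the create-role (step 4) and assume-role (step 3) command strings."""
    role_arn = f"arn:aws:iam::{account_id}:role/{role_name}"
    create = ["aws", "iam", "create-role", "--role-name", role_name,
              "--assume-role-policy-document", f"file://{policy_file}"]
    assume = ["aws", "sts", "assume-role", "--role-arn", role_arn,
              "--role-session-name", session_name]
    return shlex.join(create), shlex.join(assume)

if __name__ == "__main__":
    trust_policy = json.dumps(build_trust_policy(ACCOUNT_ID), indent=2)
    print(trust_policy)
    print(review_trust_policy(json.loads(trust_policy)))
    for command in cli_commands(ACCOUNT_ID, ROLE_NAME, SESSION_NAME):
        print(command)
```

The exercise policy produces one finding: an account-root principal delegates trust to the whole account, so any identity there that is allowed to call sts:AssumeRole on this role can assume it. Adding a Condition block to the statement (for example on sts:ExternalId or aws:MultiFactorAuthPresent) narrows that and clears the finding.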