Complete the code to specify the AWS CLI command to assume a role.
aws sts [1] --role-arn arn:aws:iam::123456789012:role/demo --role-session-name session1
The assume-role command is used to get temporary credentials by assuming an IAM role.
Complete the JSON policy snippet to allow assuming a role.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:[1]",
"Resource": "arn:aws:iam::123456789012:role/demo"
}
]
}The sts:AssumeRole action allows a user or service to assume the specified IAM role.
Fix the error in the AWS CLI command to assume a role with a session duration of 1 hour.
aws sts assume-role --role-arn arn:aws:iam::123456789012:role/demo --role-session-name session1 --duration-seconds [1]
The --duration-seconds parameter expects the session duration in seconds. 1 hour equals 3600 seconds.
Fill both blanks to complete the trust policy that allows EC2 instances to assume a role.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {"Service": "[1]"},
"Action": "[2]"
}
]
}The trust policy must specify the EC2 service as the principal and allow the sts:AssumeRole action for EC2 instances to assume the role.
Fill all three blanks to complete the Python boto3 code snippet that assumes a role and retrieves temporary credentials.
import boto3 client = boto3.client('sts') response = client.[1]( RoleArn='arn:aws:iam::123456789012:role/demo', RoleSessionName='session1' ) credentials = response['[2]'] access_key = credentials['[3]']
The assume_role method is called to assume the role. The temporary credentials are in the 'Credentials' key, and the access key ID is accessed via 'AccessKeyId'.