Unable to assume role via aws-vault other than on default profile
mateuszka77 opened this issue · comments
I cannot assume role straight away from aws-vault command:
aws-vault --debug exec --no-session targetProfile -- aws s3 ls
Error:
[keyring] Found item "aws-vault (default)" Assuming role arn:aws:iam::xxx:role/xxxx with iam credentials aws-vault: error: Failed to get credentials for default (source profile for targetProfile): AccessDenied: User: arn:aws:iam::xxxx:user/xxxx is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxx:role/xxx status code: 403, request id: someid
My aws/config
`[default]
region = eu-west-1
output = json
mfa_serial=arn:aws:iam::<acc_id>:mfa/myusername
[profile comoyonerd]
role_arn=arn:aws:iam::<acc_id2>/role/assumedtargetrole
source_profile=default`
I am able to run
aws-vault exec default -- aws sts assume-role --role-arn "arn:aws:iam::xxx:role/xxx" --role-session-name Test
and once i make exports:
export AWS_ACCESS_KEY_ID=RoleAccessKeyID export AWS_SECRET_ACCESS_KEY=RoleSecretKey export AWS_SESSION_TOKEN=RoleSessionToken
I am able to access AWS via CLI and run commands
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.