aws-doc-sdk-examples icon indicating copy to clipboard operation
aws-doc-sdk-examples copied to clipboard
verified publisher icon awsdocs

Epic: IAM SOS MVP

Open brmur opened this issue 4 years ago • 0 comments

Implement this scenario across all SDKs and use the service action calls to create API examples.

Scenario

Assume a role with limited permissions

How to let a user assume a role with limited permissions and perform actions on an AWS service.

  1. Create a user that has no permissions.
  2. Create a role and policy that grant s3:ListAllMyBuckets permission.
  3. Grant the user permission to assume the role.
  4. Create an S3 client object as the user and try to list buckets (this should fail).
  5. Get temporary credentials by assuming the role.
  6. Create an S3 client object with the temporary credentials and list the buckets (this should succeed).
  7. Delete all the resources.

Service actions

These are the top customer actions per metrics and must be included as single-API examples.

ListRoles GetRole ListUsers ListPolicies ListGroups CreateServiceLinkedRole AttachRolePolicy CreateRole GetAccountPasswordPolicy ListAttachedRolePolicies ListSAMLProviders GetPolicy ListRolePolicies

These additional actions are used in the above scenario and may also be included as single-API examples.

CreateUser CreateAccessKeyPair CreatePolicy CreateUserPolicy STS:AssumeRole DetachRolePolicy DeletePolicy DeleteRole DeleteUserPolicy DeleteAccessKeys DeleteUser

Prototype

Python assume_role.py

User stories

  • [x] #2561
  • [x] #2645
  • [x] #2652
  • [x] #2653
  • [x] #2646
  • [x] #2647
  • [x] #2648
  • [x] #2654
  • [x] #2649
  • [x] #2650
  • [ ] #3590

brmur avatar Dec 13 '21 14:12 brmur