aws assuming existing role policy and testing to see if it works

We are going to assume an existing role that has permission to s3 bucket. So in this setup we will be setting up a policy called "mydummy-strong-role-s3" and then granted permission called "AmazonS3FullAccess".

This is what our trust policy looks like for mydummy-strong-role-s3. This says that user jeremydev can assume this role. 

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Principal": {
              "Service": "lambda.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
      },
      {
          "Effect": "Allow",
          "Principal": {
              "AWS": "arn:aws:iam::<user-id-number>:user/jeremydev"
          },
          "Action": "sts:AssumeRole"
      }
  ]
}

Next, we will provide permission to this role. In the IAM -> ensure we have the role selected and then under permission -> Add permission. Add the permission "AmazonS3FullAccess".

We can create a policy and specify who can assume that role using the following 

To see which user your aws cli is running on, use the following command 

aws sts get-caller-identity

To test this out in your aws cli, let's assume this role by running 

aws sts assume-role --role-arn "arn:aws:iam::<role-id-aws>:role/mydummy-strong-role-s3" --role-session-name "SuperDevSession" which outputs the followings 

{
  "Credentials": {
      "AccessKeyId": "",
      "SecretAccessKey": "",
      "SessionToken": "",
      "Expiration": ""
  },
  "AssumedRoleUser": {
      "AssumedRoleId": "",
      "Arn": ""
  }
}

Next let's see if you can list the s3 resources using 

aws s3 ls



















Comments

Post a Comment

Popular posts from this blog

gemini cli getting file not defined error

Image
 While trying to run gemini cli on my windows linux subsystem, i bump into this error here - "/Roaming/npm/node_modules/@google/gemini-cli/node_modules/undici/lib/web/webidl/index.js:512 webidl.is.File = webidl.util.MakeTypeAssertion(File)"  "ReferenceError: File is not defined" In Node.js, there’s no built-in File (until very recent Node 20+ with experimental WHATWG APIs). So, unless polyfilled, File is undefined, leading to the ReferenceError. And to resolve this, I had to upgrade to node 22 (might work for node 20) and then I was able to run it.
Read more

NodeJS: Error: spawn EINVAL in window for node version 20.20 and 18.20

Encounter this issue when running autorest (that uses nodejs).  I am using node version:  v18.20.2 After i revert to use node v18.12.0, then i was able to get my app to run without this error. Since i am working with Azure devops yaml, i was able to use the following to resolve my issue.  - task : NodeTool@0   inputs :     versionSource : 'spec'     versionSpec : '18.18.0'
Read more

vllm : Failed to infer device type

Trying to run vllm without gpu will typicaly lands you into this issue. To resolve this issue: we can use set these both. Setting one does not work for me. So i had to configure both settings below:- 1.  environment variable CUDA_VISIBLE_DEVICES = "" 2. in the command line, change to use device cpu and remove  tensor-parallel-size. For example, python3 -m vllm.entrypoints.openai.api_server --port 8080 --model deepseek-ai/DeepSeek-R1 --device cpu --trust-remote-code --max-model-len 4096" References https://docs.vllm.ai/en/latest/getting_started/troubleshooting.html#failed-to-infer-device-type
Read more