amazon web services - Unable to Connect AWS to boxfuse -
i trying connect boxfuse aws account getting below. highly appreciated
`role arn arn:aws:iam::535880694150:role/boxfuse-access has not been configured. please check configuration , try again. (awssecuritytokenservice: accessdenied -> user: arn:aws:iam::762186188748:user/boxfuse-console not authorized perform: sts:assumerole on resource: arn:aws:iam::535880694150:role/boxfuse-access)`
i followed instructions provided boxfuse, missing something, need special.i used policy provide boxfuse
{"version": "2012-10-17","statement":[ {"sid":"allow","effect":"allow","resource":["*"], "action":["ec2:*","elasticloadbalancing:*","autoscaling:*","rds:*","cloudwatch:*","iam:listinstanceprofiles","iam:passrole"]}, {"sid":"ec2deny","effect":"deny", "action":["ec2:*"],"resource":["*"],"condition":{"stringequals":{"ec2:resourcetag/boxfuse:ignore":"true"}}}, {"sid":"rdsdeny","effect":"deny", "action":["rds:*"],"resource":["*"],"condition":{"stringequals":{"rds:db-tag/boxfuse:ignore":"true"}}}]}
this how trust relationship in iam role policy looks
{ "version": "2012-10-17", "statement": [ { "effect": "allow", "principal": { "aws": "arn:aws:iam::762186188748:root" }, "action": "sts:assumerole", "condition": { "stringequals": { "sts:externalid": "uxvmgxwfii4944dh" }, "bool": { "aws:multifactorauthpresent": "true" } } } ] }
as stated in instructions, multi-factor access should turned off. in case can fixed updating policy document to:
{ "version": "2012-10-17", "statement": [ { "effect": "allow", "principal": { "aws": "arn:aws:iam::762186188748:root" }, "action": "sts:assumerole", "condition": { "stringequals": { "sts:externalid": "uxvmgxwfii4944dh" } } } ] }
Comments
Post a Comment