How to Modify a Role Trust Policy Using the Console?
- Login to the Management Console and head straight to the IAM console using the following link https://console.aws.amazon.com/iam/.
- From navigation pane, click on Roles.
- From the roles listed in your account, select the name of which role you’d like to modify.
- Click on Trust relationships tab, then select Edit trust relationship.
- Modify the trust policy as required. For the sake of adding extra principals for assuming this role, you will need to go ahead and get them specified in Principal The below example is a policy snippet which illustrates the way of referencing 2 accounts in Principal element:
“Principal”: {
“AWS”: [
“arn:aws:iam::111122223333:root”,
“arn:aws:iam::444455556666:root”
]
},
In the below policy snippet check out the way of referencing 2 services in Principal element:
“Principal”: {
“Service”: [
“opsworks.amazonaws.com”,
“ec2.amazonaws.com”
]
},
- Upon being done with the modification of your trust policy, select the option Update Trust Policyfor getting you changes saved.
How to grant users in a trusted external account the ability to utilize a role using the console?
- First you will need to login to your trusted external account.
- Choose if you’d like to get the permissions attached to a group or just a user. From navigation pane, click on either Usersor Groups as required.
- Select a group’s or user’s name of whom you wish to give permission to, then click on the Permissions
- You can perform 1 of the below actions:
– For the sake of editing a customer managed policy, click on that policy’s name, then select Edit policy, and click on the JSON tab. It’s not possible to get a managed policy edited. Managed policies will show along with the following icon ( ).
– For the sake of editing an inline policy, click on the arrow beside the policy’s name then select the option Edit policy.
- From inside the policy editor, get a newly added Statementelement which defines the below data:
{
“Effect”: “Allow”,
“Action”: “sts:AssumeRole”,
“Resource”: “arn:aws:iam::ACCOUNT-ID:role/ROLE-NAME”
}
Instead of the ARN found in this above statement, enter the ARN associated with the required role which can be assumed by the user.
- Proceed with the prompts for get done with the policy editing.
How to Modify a Role Permissions Policy using the Console?
For changing the allowed role permissions through the console, go through the following steps:
- Head straight to IAM console using the following link https://console.aws.amazon.com/iam/.
- From under IAM console navigation pane, click on Roles.
- Select the role’s name for required modification, and select the Permissions
- Then, perform 1 of the below listed actions:
– For the sake of editing an already found customer managed policy, you will need to select this policy’s name then click on the option Edit policy.
Keep in Mind
It’s not possible to get a managed policy edited, and those policies will show up along with the following icon ( ).
– For the sake of getting an already existing managed policy attached to your role, click on the option Add permissions.
– For the sake of editing an already found inline policy, click on the arrow which is located beside that policy’s name and click on the option Edit Policy.
– For the sake of embedding a newly created inline policy, click on the option Add inline policy.
How to Modify a Role Description using the Console?
For the sake of altering the description of a specific role, you will need to get its description text modified.
For changing the role’s description using the console, follow the below steps:
- login to the Management Console then head straight to IAM console through the following link https://console.aws.amazon.com/iam/.
- From IAM console’s navigation pane, click on Roles.
- Click the role’s name that you’d like to get modified.
- Beside the option Role descriptionlocated on the right, click on the option Edit.
- Enter another description of your choice into the box then select Save.
How to Modify a Role Maximum Session Duration by Using the Console?
Change maximum session duration setting’s value for setting a specifically chosen maximum, which is from One hour to Twelve hours.
In case this value did not get specified, it will get a default value of One hour.
For the sake of getting the maximum session duration setting changed for roles which are assumed through API or CLI using the console, go through the following steps:
- Login to Management Console and head straight to the IAM console using this link https://console.aws.amazon.com/iam/.
- From IAM console’s navigation pane, click on Roles.
- Select the role’s name that you’d like to modify.
- Beside the section Maximum CLI/API session durationselect a specific value. Otherwise, click on the option Custom duration and enter a particular value which must be a duration in seconds.
- Click on Save.
Those changes will not be in place up until the time that another user assumes this role.
How to Modify a Role Permissions Boundary Using the Console?
For changing which policy is utilized for the sake of specifying the role’s permissions boundary, you will have to go through the following steps:
- Login to the Management Console and head straight to the IAM console by using the following link https://console.aws.amazon.com/iam/.
- From navigation pane, click on the option Roles.
- Select the role’s name which you’d like to change its permissions boundary.
- Click on the Permissions In case it’s required, you will need to head to the Permissions boundarysection then click on the option Change boundary.
- Choose which policy you’d like to start using for the permissions boundary.
- Click on the option Change boundary.
Those changes will not be in place up until the time that another user assumes this role.