I am new to AWS IAM Roles.
Here the scenario is: I have an IAM Role (DDBReadRole) for DynamoDB read access (in Account P, let's say). And we have 2 Lambda execution roles L1, L2 in Account B and Account C respectively. Now these 2 Lambda execution roles need to be added to the DDBReadRole trust relationship (Trusted Entities).
For this I am writing:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": [
                        "arn:aws:iam::<AccountBId>:role/<AccountBRole>",
                        "arn:aws:iam::<AccountCId>:role/<AccountCRole>"
                    ]
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }
I got another option:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::<AccountBId>:role/<AccountBRole>"
                },
                "Action": "sts:AssumeRole"
            },
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::<AccountCId>:role/<AccountCRole>"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }
Can someone please help me: which is the correct way to add 2 AWS principals in Trusted Entities?
Both are correct, and you can use either of them. But the first form is usually used, because it's shorter.
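As an added example (not from the question or the answer above), a small Python check that parses both trust-policy forms, confirms they grant sts:AssumeRole to the same set of principals, and flags any principal broader than a specific role (a wildcard or a whole account). The account ids and role names are constructed placeholders.

```python
import json

# Constructed samples: the two trust-policy forms from the question, with
# placeholder account ids (111111111111 / 222222222222) and role names L1 / L2.
LIST_FORM = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::111111111111:role/L1",
                          "arn:aws:iam::222222222222:role/L2"]},
    "Action": "sts:AssumeRole"
  }]
}""")
SPLIT_FORM = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:role/L1"},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:role/L2"},
     "Action": "sts:AssumeRole"}
  ]
}""")

def _as_list(value):
    """IAM accepts either a single string or a list for Principal.AWS and Action."""
    return value if isinstance(value, list) else [value]

def assume_role_principals(policy):
    """Return the set of AWS principals an Allow statement lets call sts:AssumeRole."""
    found = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if "sts:assumerole" not in actions and "sts:*" not in actions:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":            # "Principal": "*" trusts everyone
            found.add("*")
            continue
        found.update(_as_list(principal.get("AWS", [])))
    return found

def trust_findings(policy):
    """Flag principals broader than one role: '*', account root ARNs, bare account ids."""
    findings = []
    for p in sorted(assume_role_principals(policy)):
        if p == "*" or p.endswith(":root") or p.isdigit():
            findings.append(f"broad principal: {p}")
    return findings
```

Run it against a trust policy exported with the AWS CLI (aws iam get-role) to confirm the trusted set is exactly the two Lambda execution roles and nothing wider.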