1

I can't find this setting on the web interface for AWS:

You also need to edit the Trust relationship for the role to allow the account (even if it's the same) to assume the role.

open the role that you want to assume in the console
click on the "Trust Relationships" tab
click on "Edit RelationShip"

Is there perhaps a screenshot? I'm reading the AWS Command Line Interface User Guide manual, but don't see where to configure the Trust Relationship.

thufir@doge:~$ 
thufir@doge:~$ cat .aws/config 
[default]
output = text
region = us-west-2



[profile thufir]
role_arn = arn:aws:iam::1234567890:user/thufir
source_profile = default

thufir@doge:~$ 
thufir@doge:~$ aws iam list-users
USERS   arn:aws:iam::1234567890:user/thufir 2017-01-02T10:09:01Z    /   ABCDEFGIJKL thufir
thufir@doge:~$ 
thufir@doge:~$ aws s3 ls --profile thufir

An error occurred (AccessDenied) when calling the AssumeRole operation: Roles may not be assumed by root accounts.
thufir@doge:~$ 
thufir@doge:~$ export AWS_DEFAULT_PROFILE=thufir
thufir@doge:~$ 
thufir@doge:~$ aws s3 ls --profile thufir

An error occurred (AccessDenied) when calling the AssumeRole operation: Roles may not be assumed by root accounts.
thufir@doge:~$ 
TylerH
Thufir

1 Answer

2

Using the AWS console, visit IAM roles, then click on the relevant role. Once you do that, you'll see a page like this, with the Trust Relationships tab:

enter image description here

jarmod
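
The trust relationship shown on that console tab can also be read and replaced from the AWS CLI. The script below is an added example, not part of the original answer: the role name `example-role` is hypothetical, and the account ID and user name are the placeholder values from the question. It names one IAM user as the trusted principal rather than the whole account, and includes a check that a profile's `role_arn` refers to a role.

```shell
#!/usr/bin/env bash
# Added example: CLI counterpart of the console's "Trust Relationships" tab.
# Role name, account ID and user name are placeholders/assumptions.

# Print a trust policy that lets a single IAM user (not the whole account)
# call sts:AssumeRole on the role the policy is attached to.
# $1 = account ID, $2 = IAM user name
trust_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::$1:user/$2" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# role_arn in ~/.aws/config has to name a role (...:role/NAME), not a user.
# Returns 0 for a role ARN, 1 for anything else.
is_role_arn() {
  case $1 in
    arn:*:iam::*:role/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Show the trust policy currently attached to a role. $1 = role name
show_trust() {
  aws iam get-role --role-name "$1" \
    --query 'Role.AssumeRolePolicyDocument' --output json
}

# Replace the role's trust policy with the one generated above.
# $1 = role name, $2 = account ID, $3 = IAM user name
set_trust() {
  aws iam update-assume-role-policy --role-name "$1" \
    --policy-document "$(trust_policy "$2" "$3")"
}

# Usage (requires IAM permissions; "example-role" is a hypothetical name):
#   show_trust example-role
#   set_trust  example-role 1234567890 thufir
```

The functions that call `aws` need credentials allowed to run `iam:GetRole` and `iam:UpdateAssumeRolePolicy`; `trust_policy` and `is_role_arn` run offline.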