I am trying to get temporary credentials to upload files to S3 bucket. I am using credentials of an IAM user to call STS assumeRole method. The Role is created via AWS Cognito. Below is the IAM user Policy and the role Policy,
Error Msg:
POST https://sts.amazonaws.com/ 403 (Forbidden)
User: arn:aws:iam::########:user/iamUser is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::#########:role/myRole
IAM User Policy
{
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": ["s3:ListBucket" ],
"Resource": [ "arn:aws:s3:::myBucket"]
},
{
"Effect": "Allow",
"Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:GetObjectAcl","s3:PutObjectAcl"],
"Resource": [ "arn:aws:s3:::myBucket/*"]
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": ["arn:aws:iam::###########:role/myRole"]
},
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": ["arn:aws:iam::###########:role/myRole"]
}
]
}
Role Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1420643359000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::myBucket"
]
}
]
}