0
votes

How would you switch to a user in the AWS console?

I've set up an IAM policy for a user and I'd like to test whether they're working or not.

I've tried switching roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-console.html) using the account id from the User ARN (e.g. arn:aws:iam::<account id>:user/<username>) in https://signin.aws.amazon.com/switchrole using:

Account: <account id>
Role: test_user
Display Name: Test User

then clicking Switch Role but I get:

Could not switch roles using the provided information. Please check your settings and try again. If you continue to have problems, contact your administrator.

Note: I am an Admin with full access.


2 Answers

1
votes

You cannot use the Switch Role functionality to switch to a User.

You have two options:

  • Log in as the User you wish to test, or
  • Create a Role with the same permissions, switch to the Role, then test

The easiest is to simply log in as the user you wish to test. However, this can be a poor security practice because you are using another person's account and any actions you perform would be recorded against that user in Amazon CloudTrail (audit trail).

Alternatively, you could create a new IAM Role and assign exactly the same permissions to that Role. You would also need to assign a Trust Policy to the role to permit it to be used by you (your IAM User). You can then switch to that role in the console. This will work, unless you have any policies that specifically reference the User you wish to test (which will not recognise your Role permissions).
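An added example for the role-based option in the answer above (not part of the original answer): it builds the trust policy that lets your own IAM user assume the test role, and flags policy statements tied to the user's identity, which a role session will not match. The account ID, ARNs, sample policies and function names are constructed for illustration.

```python
import json

def build_trust_policy(tester_arn):
    """Trust policy allowing a single IAM user (the tester) to assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"AWS": tester_arn},
                       "Action": "sts:AssumeRole"}],
    }

def find_user_references(policy, user_arn):
    """Return (sid, element) pairs for statements bound to the user identity.

    Flags the user's ARN and the aws:username key or policy variable, which is
    only populated for IAM users and so is absent from a role session.
    """
    needles = (user_arn.lower(), "aws:username")
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    hits = []
    for i, stmt in enumerate(statements):
        sid = stmt.get("Sid", f"statement[{i}]")
        for element in ("Principal", "NotPrincipal", "Resource",
                        "NotResource", "Condition"):
            text = json.dumps(stmt.get(element, "")).lower()
            if any(n in text for n in needles):
                hits.append((sid, element))
    return hits

# Constructed sample values, not taken from the question.
USER_ARN = "arn:aws:iam::111122223333:user/test_user"
ADMIN_ARN = "arn:aws:iam::111122223333:user/admin"
USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ListAll", "Effect": "Allow",
     "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Sid": "HomePrefix", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/home/${aws:username}/*"},
    {"Sid": "SelfManage", "Effect": "Allow",
     "Action": "iam:ChangePassword", "Resource": USER_ARN},
]}
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": {
    "Sid": "AllowUser", "Effect": "Allow", "Principal": {"AWS": USER_ARN},
    "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}}

if __name__ == "__main__":
    print(json.dumps(build_trust_policy(ADMIN_ARN), indent=2))
    for name, doc in (("user policy", USER_POLICY), ("bucket policy", BUCKET_POLICY)):
        print(name, find_user_references(doc, USER_ARN))
```

Any statement this reports has to be reviewed separately, because a test through the role will not exercise it the way the real user would.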

-2
votes

The best way to do this is to fully log out of the AWS console. Or you can use a different browser so you can be logged into both at the same time.