So as mentioned in the title I need to assume role of one of my child accounts using boto3 and python. I am making a request from the master account and with an IAM user cause as I read a root account can not assume role, only user. So the user is created, has admin permissions and I have also created a custom policy, here is the JSON:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:*",
"Resource": "*"
}
]
}
But I keep getting:
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the AssumeRole operation: Access denied
Btw, here is my code:
sts = boto3.client('sts')
response = sts.assume_role(
RoleArn='arn:aws:organizations::123456789:account/Master',
RoleSessionName='currentSession'
)
And yes, I have credentials and config set locally.