
IAM – Trust Policy

  • A trust policy is a JSON document that defines who (which principal) is allowed to assume a role.
  • It is attached to the IAM role itself and controls the relationship between the trusting account (role owner) and the trusted entity (who can assume it).
  • The Principal element specifies who may assume the role: an AWS account (naming the account's root ARN delegates the decision to that account's own IAM policies), a specific IAM user or role, an AWS service (e.g. ec2.amazonaws.com), or a federated identity provider (SAML or OIDC). A Principal of "*" on an Allow statement with no Condition means any AWS principal can assume the role, so it should be treated as a finding unless a Condition narrows it.
  • The Action element is typically sts:AssumeRole (or sts:AssumeRoleWithSAML / sts:AssumeRoleWithWebIdentity for federated access).
  • Without a trust policy that allows the caller, no one can assume the role, even if the caller's identity-based policy grants sts:AssumeRole. For cross-account access both sides must agree: the trust policy must allow the caller, and the caller must be granted sts:AssumeRole on the role's ARN in its own account. The trust policy only decides who can become the role; what the role can then do comes from the permissions policies attached to it.
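As an added example (not code from the original page), a small Python auditor that reads a trust policy document and flags the patterns a reviewer checks first: Principal "*" on an Allow for an assume action without a Condition, a cross-account trust without an sts:ExternalId condition, and a service principal without an aws:SourceArn/aws:SourceAccount condition. The sample policies and the account IDs 111111111111 and 222222222222 are constructed placeholders.

```python
# Audit an IAM role trust policy for the mistakes a reviewer looks for.
# Added example, not code from the original page. The policy documents below
# are constructed samples; 111111111111 (our account) and 222222222222
# (a third party) are placeholder account IDs.
import json
import re

# Actions that let a principal become this role: the three the page lists,
# plus the session-tagging actions that usually sit next to them.
ASSUME_ACTIONS = {"sts:AssumeRole", "sts:AssumeRoleWithSAML",
                  "sts:AssumeRoleWithWebIdentity", "sts:TagSession",
                  "sts:SetSourceIdentity"}
ACCOUNT_RE = re.compile(r"^arn:aws:iam::(\d{12}):")


def _as_list(value):
    """IAM accepts a string or a list in most slots; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_entries(principal):
    """Yield (kind, value) pairs such as ('AWS', arn) or ('Service', name)."""
    if principal == "*":
        yield ("*", "*")
        return
    for kind, values in principal.items():
        for value in _as_list(values):
            yield (kind, value)


def _account_of(arn_or_id):
    """Return the 12-digit account ID named by an ARN or a bare account ID."""
    if re.fullmatch(r"\d{12}", arn_or_id):
        return arn_or_id
    match = ACCOUNT_RE.match(arn_or_id)
    return match.group(1) if match else None


def audit_trust_policy(doc, own_account):
    """Return a list of findings (strings); each is a warning, not proof of a bug.

    Checks: Principal '*' on an Allow for an assume action (anyone can assume
    unless a Condition gates it); a trust to another account with no
    sts:ExternalId condition (third-party confused deputy); a service principal
    with no aws:SourceArn/aws:SourceAccount condition (service confused deputy,
    relevant for services that support those keys).
    """
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(_as_list(stmt.get("Action")))
        if not (actions & ASSUME_ACTIONS or actions & {"sts:*", "*"}):
            continue
        cond = stmt.get("Condition") or {}
        cond_keys = {k.lower() for block in cond.values() for k in block}
        for kind, who in _principal_entries(stmt.get("Principal", {})):
            if kind == "*" or (kind == "AWS" and who == "*"):
                if cond:
                    findings.append(f"stmt {i}: Principal '*' gated only by {sorted(cond_keys)}")
                else:
                    findings.append(f"stmt {i}: Principal '*' with no Condition, anyone can assume")
            elif kind == "AWS":
                acct = _account_of(who)
                if acct and acct != own_account and "sts:externalid" not in cond_keys:
                    findings.append(f"stmt {i}: cross-account trust to {acct} without sts:ExternalId")
            elif kind == "Service":
                if not cond_keys & {"aws:sourcearn", "aws:sourceaccount"}:
                    findings.append(f"stmt {i}: service {who} without aws:SourceArn/aws:SourceAccount")
    return findings


# Constructed sample trust policies (not from the page).
OPEN_TO_WORLD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}]}

# Account 222222222222 may assume the role, but only when it presents the
# agreed ExternalId, so the third party cannot be tricked into assuming it
# on behalf of someone else.
THIRD_PARTY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
    "Action": ["sts:AssumeRole", "sts:TagSession"],
    "Condition": {"StringEquals": {"sts:ExternalId": "placeholder-external-id"}}}]}

# Same trust with the Condition removed: the classic confused-deputy setup.
THIRD_PARTY_NO_EXTERNAL_ID = json.loads(json.dumps(THIRD_PARTY))
del THIRD_PARTY_NO_EXTERNAL_ID["Statement"][0]["Condition"]

if __name__ == "__main__":
    for name, doc in [("open", OPEN_TO_WORLD), ("third-party", THIRD_PARTY),
                      ("no-external-id", THIRD_PARTY_NO_EXTERNAL_ID)]:
        print(name, audit_trust_policy(doc, "111111111111"))
```

Run it on the role's trust policy as fetched with `aws iam get-role`; an empty list means none of the three patterns matched, not that the policy is safe, since Federated principals and Condition keys beyond the ones checked are not inspected.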