IAM: Cannot create Principal of ARN role in trust relationship #26482
Labels: @aws-cdk/aws-iam, bug, needs-triage
Describe the bug
I would like to create a trust relationship with a specific role in a different account and not use the account principal.
The final result I want is this trust relationship (as in this example)
This is what I am doing
This fails with the following error
Expected Behavior
I would expect to see the trust relationship policy with the IAM role as Principal.
This should work as the CDK docs say:
Note that if I use the account Principal ARN like this it works:
But I don't want to give permission to the entire account and want to restrict to the individual role.
Current Behavior
Reproduction Steps
Deploy this stack to replicate the issue
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.88.0
Framework Version
No response
Node.js Version
v16.20.1
OS
Mac OS Ventura 13.4.1
Language
Typescript
Language Version
No response
Other information
No response
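The report distinguishes trusting the account principal from trusting one individual role. The following added example (not code from the issue or from the CDK) checks a trust policy document for that difference; the account ID, role name and function names are constructed placeholders.

```typescript
// Added example: classify the AWS principals trusted by a role trust policy.
type PrincipalScope = "role" | "user" | "account" | "wildcard" | "other";
interface TrustStatement {
  Effect: string;
  Principal?: string | Record<string, string | string[]>;
  Action: string | string[];
}
interface TrustPolicy { Version: string; Statement: TrustStatement[]; }

function classifyPrincipal(p: string): PrincipalScope {
  if (p === "*") return "wildcard";
  if (/^\d{12}$/.test(p)) return "account"; // bare account ID form
  const m = /^arn:[^:]+:iam::\d{12}:(.+)$/.exec(p);
  if (!m) return "other";
  const resource = m[1] ?? "";
  if (resource === "root") return "account"; // account principal ARN
  if (resource.startsWith("role/")) return "role";
  if (resource.startsWith("user/")) return "user";
  return "other";
}

// Returns the principals in Allow statements that are broader than one identity.
function broadPrincipals(policy: TrustPolicy): string[] {
  const broad: string[] = [];
  for (const st of policy.Statement) {
    if (st.Effect !== "Allow" || st.Principal === undefined) continue;
    const aws = typeof st.Principal === "string" ? st.Principal : st.Principal["AWS"];
    if (aws === undefined) continue; // e.g. Service or Federated principals only
    for (const p of Array.isArray(aws) ? aws : [aws]) {
      const scope = classifyPrincipal(p);
      if (scope === "account" || scope === "wildcard") broad.push(p);
    }
  }
  return broad;
}

// Constructed sample documents (account ID and role name are placeholders).
const trustFor = (principal: string): TrustPolicy => ({
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Principal: { AWS: principal }, Action: "sts:AssumeRole" }],
});
const roleScoped = trustFor("arn:aws:iam::111122223333:role/ExampleCallerRole");
const accountScoped = trustFor("arn:aws:iam::111122223333:root");

console.log(broadPrincipals(roleScoped));
console.log(broadPrincipals(accountScoped));
```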