Thursday, 20 May 2021

How to change AWS trusted user "sts ExternalId" using python?

In my IAM policy, the Trust Relationship is showing like below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::279121212121212:user/ai-s-p57s13"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "xxxxxxxxxxx=2_0vy+PyUFdt728JrFjqeCOau62zU="
        }
      }
    }
  ]
}

Now I want to change the Trust Relationship AWS, sts:ExternalId to new values like below using Python:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::333333333333:user/ai-s-p57s13"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "yyyyyyyyyy=2_0vy+PyUFdt728JrFjqeCOau62zU="
        }
      }
    }
  ]
}

I want to change it using Python.

I have tried using the code below:

import boto3

client = boto3.client('iam')
response = client.attach_role_policy(RoleName='testrole', PolicyArn='arn:aws:iam::279121212121212:user/testrole')
trust_policy = response['Role']['AssumeRolePolicyDocument']
trust_policy['Statement'][0]['Principal']['AWS'] = 'arn:aws:iam::279121212121212:user/ai-s-p57s13'


from How to change AWS trusted user "sts ExternalId" using python?
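
One way to do this with boto3, as an added example that is not part of the original post: read the role's trust policy with `get_role`, change only the statement that trusts the old principal, and write the document back with `update_assume_role_policy`. The function names `rewrite_trust_policy` and `update_role_trust` are hypothetical; the role name, ARNs and ExternalId are the ones from the question.

```python
import copy
import json


def rewrite_trust_policy(policy, old_principal, new_principal, new_external_id):
    """Return a copy of the trust policy with one statement's principal and ExternalId replaced."""
    updated = copy.deepcopy(policy)
    statements = updated["Statement"]
    if isinstance(statements, dict):  # IAM allows a single statement object
        statements = updated["Statement"] = [statements]
    matched = 0
    for stmt in statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        if not isinstance(principal, dict) or principal.get("AWS") != old_principal:
            continue  # leave every other trust statement untouched
        principal["AWS"] = new_principal
        # Keep the ExternalId condition in place; only its value changes.
        stmt.setdefault("Condition", {}).setdefault("StringEquals", {})["sts:ExternalId"] = new_external_id
        matched += 1
    if matched != 1:
        raise ValueError(f"expected exactly one statement trusting {old_principal}, found {matched}")
    return updated


def update_role_trust(iam, role_name, old_principal, new_principal, new_external_id):
    """Read the role's trust policy, rewrite it, and write it back."""
    # get_role returns the trust policy already decoded into a dict.
    current = iam.get_role(RoleName=role_name)["Role"]["AssumeRolePolicyDocument"]
    updated = rewrite_trust_policy(current, old_principal, new_principal, new_external_id)
    # update_assume_role_policy expects the document as a JSON string.
    iam.update_assume_role_policy(RoleName=role_name, PolicyDocument=json.dumps(updated))
    return updated


if __name__ == "__main__":
    import boto3  # needs credentials with iam:GetRole and iam:UpdateAssumeRolePolicy
    update_role_trust(
        boto3.client("iam"),
        "testrole",
        "arn:aws:iam::279121212121212:user/ai-s-p57s13",
        "arn:aws:iam::333333333333:user/ai-s-p57s13",
        "yyyyyyyyyy=2_0vy+PyUFdt728JrFjqeCOau62zU=",
    )
```

IAM rejects the update if the new principal ARN does not exist, so the user in the trusted account must be created first.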
