AWS Role Chaining using STS AssumeRole

We have a requirement, wherein access to all AWS accounts in a set of accounts is allowed only through role assumed in one of the accounts, which in turn is trusted by roles by the remaining accounts. This means that, we would first need to assume the role in first aaccount and then use tokens/credentials of that role to assume roles in the other Accounts (i.e. role chaining)

Is it possible to achieve access tokens/credentials based on AWS role chaining using STS AssumeRole mechanism.

AWS Role Chaining: Roles terms and concepts - AWS Identity and Access Management ( Search for role chaining in the page)

If possible, can you please point out the relevant document enumerating the mechanism to achieve this.

From what I understand, we can only use the STS AssumeRole to obtain the tokens/credentials after assuming the first role. Can this be extended to get credentials/tokens for chained roles.

1 Like