I created an assume role 2 months back in a dev account and updated my root user in the trust relationship. Terraform was working fine with that configuration.
Now I have done the same thing, but while running terraform plan, I am getting this error:
Error: operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: c0e2ae10-cbaf-44b3-9ecc-16e180405088, api error AccessDenied: User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/demo/aws-go-sdk-1667304405742939100 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxxxxxxxxxx:role/demo
I don't know what the reason is. The roles and trust relationship were exactly the same, but may I know what the reason for this error is?
It sounds like your user does not have the ability to assume the role (sts:AssumeRole permission). Check that the trusted relationship includes a statement like:
This portion of the Role ARN, aws-go-sdk-1667304405742939100, is just a session name, and it will keep changing when a new STS token is requested. It has no bearing on the role being assumed.
Back to what @gstotts was saying, based on the error, it sounds like the IAM user “demo” does not have permissions to assume the demo role.
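A small triage helper for the error quoted in the question, as an added example that is not part of the original thread: it splits the denial message into caller and target, flags a session that is trying to assume its own role, and reports how a trust policy matches the caller. SAMPLE_TRUST is a constructed policy based on the asker's description (account root as principal), and the function names are hypothetical.

```python
import re

# Shape of the AccessDenied text returned for a failed sts:AssumeRole call.
ERR_RE = re.compile(
    r"User: (?P<caller>arn:aws:(?:sts|iam)::(?P<acct>[^:]+):"
    r"(?P<kind>assumed-role|user|root)(?:/(?P<name>[^/\s]+))?(?:/(?P<session>\S+))?)"
    r" is not authorized to perform: sts:AssumeRole on resource: "
    r"(?P<target>arn:aws:iam::(?P<target_acct>[^:]+):role/(?P<target_role>\S+))"
)

def parse_denial(message):
    """Split the error into caller kind, name, session name and target role."""
    m = ERR_RE.search(message)
    if not m:
        return None
    d = m.groupdict()
    # True when the caller is already a session of the role it tries to assume.
    d["self_assume"] = (d["kind"] == "assumed-role" and d["name"] == d["target_role"]
                        and d["acct"] == d["target_acct"])
    return d

def as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def trusted_by(trust_policy, d):
    """'direct' if the caller is named, 'account' if only the account is, else None.
    Simplified: Condition blocks, Deny statements, wildcards and role paths are ignored."""
    direct = {d["caller"]}
    if d["kind"] == "assumed-role":
        direct.add(f"arn:aws:iam::{d['acct']}:role/{d['name']}")
    account = {d["acct"], f"arn:aws:iam::{d['acct']}:root"}
    result = None
    for st in as_list(trust_policy.get("Statement")):
        principal = st.get("Principal")
        if st.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(st.get("Action")):
            continue
        for p in as_list(principal.get("AWS") if isinstance(principal, dict) else None):
            if p in direct:
                return "direct"
            if p in account:
                result = "account"  # caller also needs an identity policy allowing the call
    return result

# The error from the question, and a trust policy constructed from its description.
SAMPLE_ERROR = ("User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/demo/aws-go-sdk-1667304405742939100 "
                "is not authorized to perform: sts:AssumeRole on resource: "
                "arn:aws:iam::xxxxxxxxxxxx:role/demo")
SAMPLE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::xxxxxxxxxxxx:root"}}]}
```

For the sample, `parse_denial` reports an `assumed-role` caller named `demo` with `self_assume` set, and `trusted_by` returns `"account"`.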