We’ve decided to deprecate our aws-assume-role repo in favor of using aws-vault by 99 Designs.
Assume Role via AWS Web Console Important Due to the security implications, IAM policies are set up by default to only allow the root AWS account to assume roles into other accounts. Log into the AWS root acccount Example AWS root login Click on [email protected] @ example-root-aws drop down at the top of the console and select Switch Role Enter the AWS account id of the member account in the Account field Use OrganizationAccountAccessRole as the Role (Optional) Pick Display Name and choose a Color for the role Example AWS switch role Assume Role via CLI (using aws-vault) First, ensure that the proper profiles are setup following Authorization.
Make sure your TLS certificates match the kiam-server hostname and that no orphaned iptable rules exist for legacy IAM metadata service such as kube2iam
Assuming roles are properly configured, this usually happens due to AWS API rate limiting.
aws-vault is a utility for securely managing secrets with AWS Systems Manager (SSM) Parameter Store and KMS