-
-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is "Condition": {}
really necessary?
#66
Labels
Comments
I'll try creating a role in a Jupyter notebook without it. |
import boto3, json
iam = boto3.client("iam")
sts = boto3.client("sts")
iam.create_role(
Description=(
"Testing create_role without Condition"
),
RoleName="testing-create-role-without-condition",
AssumeRolePolicyDocument=json.dumps(
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::{}:root".format(sts.get_caller_identity()["Account"])
},
"Action": "sts:AssumeRole",
}
],
}
),
) returns:
So this works fine. |
I deleted the role I created like this: iam.delete_role(
RoleName='testing-create-role-without-condition'
) That worked the first time. I tried running it a second time out of curiosity and it gave me an error because the role was already deleted. |
simonw
added a commit
that referenced
this issue
Jan 25, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Here:
s3-credentials/s3_credentials/cli.py
Lines 733 to 745 in 7fb4db1
The text was updated successfully, but these errors were encountered: