AWS Trust Policy Update

Customers who set up their AWS trust policy before October 19th, 2021 need to change their trust policy.

The best way to do this is to edit the JSON document directly in your AWS console. Please refer to the AWS documentation.

Below is an example of the current trust policy; your "ExternalId" values will differ.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::106512308171:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "sts:ExternalId": [
            "6e980605-81ef-40c2-bc56-1a1a0a92c442",
            "89f60ed0-7f00-4a48-a8c5-8b35b836a931"
          ]
        }
      }
    }
  ]
}

A new AWS production account ID (814235745176) has to be added to the "Principal" section of the trust policy. Having both the current and new account IDs in the trust policy will ensure uninterrupted service during our upcoming migration. The new entry will look like this:

      "Principal": {
        "AWS": ["arn:aws:iam::106512308171:root", "arn:aws:iam::814235745176:root"]
      },
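
To check the edit before saving it in the console, the following added example (not part of the original notice or any vendor tooling) applies the change to a policy document and verifies that both principals are trusted and that the "sts:ExternalId" condition is still present. The function names and the sample policy with its placeholder ExternalId are assumptions made for illustration; the two account ARNs are the ones given above.

```python
import copy
import json

OLD = "arn:aws:iam::106512308171:root"  # current account ARN, from the page
NEW = "arn:aws:iam::814235745176:root"  # new production account ARN, from the page

# Constructed sample in the shape of the page's policy; the ExternalId is a placeholder.
SAMPLE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::106512308171:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"ForAnyValue:StringEquals": {"sts:ExternalId": ["EXAMPLE-EXTERNAL-ID"]}}
  }]
}""")


def _trusting_statements(policy):
    """Yield (statement, AWS principal list) for each Allow statement that trusts OLD."""
    stmts = policy["Statement"]
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        aws = [aws] if isinstance(aws, str) else list(aws)  # string or list are both valid
        if stmt.get("Effect") == "Allow" and OLD in aws:
            yield stmt, aws


def add_new_principal(policy):
    """Return a copy that also trusts NEW wherever OLD is trusted; nothing else changes."""
    updated = copy.deepcopy(policy)
    for stmt, aws in _trusting_statements(updated):
        if NEW not in aws:
            stmt["Principal"]["AWS"] = aws + [NEW]
    return updated


def check_policy(policy):
    """Return a list of problems; an empty list means the policy is ready for the migration."""
    problems, seen = [], False
    for stmt, aws in _trusting_statements(policy):
        seen = True
        if NEW not in aws:
            problems.append("new principal missing")
        cond_keys = [k.lower() for block in stmt.get("Condition", {}).values() for k in block]
        if "sts:externalid" not in cond_keys:  # condition key names are case-insensitive
            problems.append("sts:ExternalId condition missing")
    return problems if seen else ["no Allow statement trusts the current principal"]
```

The check matches principals in the ARN form shown above; a policy that lists the bare 12-digit account ID instead would need that form added to the comparison.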