sts:AssumeRole失败

Question

我正在尝试从EMR运行Spark访问AWS Glue表，我在我的CloudTrail中得到了以下错误

User: arn:aws:sts::00000000000:assumed-role/EMR_EC2_XXXXX_XXXXXX_POLICY/i-3232131232131232 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::00000000000:role/EMR_XXXXXX_XXXXXX_POLICY

EMR_EC2_XXXXX_XXXXXX_POLICY是为集群中EC2实例的实例配置文件提供的角色，EMR_XXXXXX_XXXXXX_POLICY是EMR的角色，两个角色都有AWSS3FullAccess和策略来访问附加的KMS密钥，另外EC2角色有ElasticMapReduceRoleforEc2，EMR有ElasticMapreduceRole附加的resp。

Answer 1

您需要将内联策略附加到源帐户角色。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::{Destination_Account}:role/to-be-assumed-role"
            ]
        }
    ]
}