I would like to create an IAM role “Y”, with a trust policy that allows the user to assume the role.
To make that work, I need two things:
- Add a new role with a trust policy statement that allows the user to AssumeRole on this new role.
- On the user, add a permission policy statement that allows it to AssumeRole on that new role (or create a new user, and do this for the new user).
Part 1 works fine: I can create the IAM role and add the trust policy without issue.
But I don’t seem to have the permissions required to achieve point (2). I can’t modify the permission policies of the existing user, so I cannot add the required permission for it to AssumeRole Y. (And I also don’t have permission to add a new IAM user, so I can’t do it that way either.)
Is there any way for me to do what I’m looking to do?
(Context: the reason I want this in the first place is that I want to test a KMS setup where a user can encrypt with the public key, and a separate user or role can decrypt with the private key.)