I have an S3 Java client which I want to run, but I get an error during startup:
Caused by: com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: User: arn:aws:iam::123456789:user/test-key is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::123456789:user/test-key (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: 3b9b4bd4-48d1-40dc-a7d-f33d1cfffbb5; Proxy: null)
Do you know how I can set this permission in the AWS IAM panel?
EDIT:
```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.securitytoken.model.Credentials;

// awsArn is what ends up as RoleArn in the request; the 403 above shows it is
// currently arn:aws:iam::123456789:user/test-key (an IAM user ARN)
AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
        .withRoleArn(awsArn)
        .withDurationSeconds(s3Properties.getSessionDuration())
        .withRoleSessionName(s3Properties.getAwsSessionname());

// STS client signed with the long-lived credentials of the test-key IAM user
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
        .withCredentials(new AWSStaticCredentialsProvider(credentials))
        .withRegion(s3Properties.getAwsRegion())
        .build();

// This is the call that fails with AccessDenied
AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest);
// Temporary credentials (access key, secret key, session token) for the assumed role
Credentials credentials2 = assumeResult.getCredentials();
```
2 Answers
The error indicates that you are using an IAM user to assume an IAM user: AssumeRole is used with IAM roles, not IAM users. In your code snippet, the value for awsArn must be an IAM user. The value should instead be an IAM role that has a trust policy allowing the test-key user to assume the role. Read the documentation on AssumeRole and see the example in the AWS SDK docs. I won't reproduce them here as they are quite explicit about what you need to do.

Kindly use AssumeRole with roles, not with the IAM user.
Role ARN sample: RoleArn=arn:aws:iam::123456789012:role/demo
SDK Guide: https://docs.aws.amazon.com/code-library/latest/ug/sts_example_sts_AssumeRole_section.html
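Both answers above say the same thing: RoleArn has to name an IAM role whose trust policy lists the test-key user as a principal. The following is an added example (not code from the question or from either answerer) that wires that up end to end with the v1 AWS SDK used in the question: it rejects anything that is not a role ARN before calling STS, so the mistake from the question fails fast with a readable message instead of a 403 from the service, then builds an S3 client from the temporary credentials. The class name AssumeRoleForS3, the role name demo, the account ID 123456789012, the region us-east-1, the one-hour session and reading the user's keys from environment variables are all assumptions for the illustration. The trust policy in the comment is what the role needs; if the trust policy names the account root instead of the user, or the role lives in another account, the test-key user additionally needs an identity policy that allows sts:AssumeRole on the role ARN.

```java
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;

import java.util.regex.Pattern;

public class AssumeRoleForS3 {

    /*
     * Trust policy attached to the role arn:aws:iam::123456789012:role/demo (assumed values).
     * Without the user ARN here, AssumeRole returns the same AccessDenied as in the question.
     *
     * {
     *   "Version": "2012-10-17",
     *   "Statement": [{
     *     "Effect": "Allow",
     *     "Principal": { "AWS": "arn:aws:iam::123456789012:user/test-key" },
     *     "Action": "sts:AssumeRole"
     *   }]
     * }
     *
     * The S3 permissions (s3:ListBucket, s3:GetObject, ...) go on the role, not on the user.
     */

    // Only IAM role ARNs are valid targets for sts:AssumeRole: arn:aws:iam::<12-digit account>:role/<name>
    private static final Pattern ROLE_ARN =
            Pattern.compile("^arn:aws(-[a-z]+)?:iam::\\d{12}:role/.+$");

    static void requireRoleArn(String arn) {
        if (arn == null || !ROLE_ARN.matcher(arn).matches()) {
            throw new IllegalArgumentException(
                    "RoleArn must be an IAM role (arn:aws:iam::<account>:role/<name>), got: " + arn);
        }
    }

    // Exchanges the user's long-lived keys for temporary role credentials and returns an S3 client
    static AmazonS3 s3ClientViaRole(BasicAWSCredentials userCreds, String roleArn,
                                    String sessionName, int durationSeconds, String region) {
        requireRoleArn(roleArn); // a user ARN such as the one in the question is rejected here

        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(userCreds))
                .withRegion(region)
                .build();

        AssumeRoleRequest request = new AssumeRoleRequest()
                .withRoleArn(roleArn)
                .withRoleSessionName(sessionName)   // shows up in CloudTrail as the session identity
                .withDurationSeconds(durationSeconds); // 900s .. the role's MaxSessionDuration

        Credentials tmp = sts.assumeRole(request).getCredentials();

        // Temporary credentials carry a session token; BasicAWSCredentials would drop it
        BasicSessionCredentials session = new BasicSessionCredentials(
                tmp.getAccessKeyId(), tmp.getSecretAccessKey(), tmp.getSessionToken());

        return AmazonS3ClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(session))
                .withRegion(region)
                .build();
    }

    public static void main(String[] args) {
        // The test-key user's access key pair, read from the environment (assumed)
        BasicAWSCredentials userCreds = new BasicAWSCredentials(
                System.getenv("AWS_ACCESS_KEY_ID"), System.getenv("AWS_SECRET_ACCESS_KEY"));

        AmazonS3 s3 = s3ClientViaRole(userCreds,
                "arn:aws:iam::123456789012:role/demo", "s3-client", 3600, "us-east-1");

        s3.listBuckets().forEach(bucket -> System.out.println(bucket.getName()));
    }
}
```

Note that the temporary credentials expire at tmp.getExpiration(); a long-running client should refresh them rather than cache credentials2 forever. The SDK's STSAssumeRoleSessionCredentialsProvider does that refresh automatically and can be passed to AmazonS3ClientBuilder.withCredentials in place of the static provider shown here.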