If you are using per-user authentication through an AWS IAM role, you must insert a trust relationship into the role so that  can leverage it. 

Prerequisites:

Please acquire the following information:


For more information on the AWS Principal options described below, please review https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html.

Steps:

  1. Login to the AWS console.
  2. Open the IAM role for use with
  3. Insert the following AWS policy snippet to define the trust relationship for this role:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "<aws_account_id>"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringLike": {
              "sts:ExternalId": [
                "<external_id>"
              ]
            }
          }
        }
      ]
    }

    where:

    SettingDescription
    <aws_account_id>

    The AWS account identifier for

    <external_id>

    The external identifier generated by

  4. Save the IAM role definition.

    NOTE: The AWS account ID value must be applied to every user profile that requires access through this IAM role. See User Profile Page.