If you are using per-user authentication through an AWS IAM role, you must insert a trust relationship into the role so that  can leverage it. 


Please acquire the following information:

For more information on the AWS Principal options described below, please review https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html.


  1. Login to the AWS console.
  2. Open the IAM role for use with
  3. Insert the following AWS policy snippet to define the trust relationship for this role:

      "Version": "2012-10-17",
      "Statement": [
          "Effect": "Allow",
          "Principal": {
            "AWS": "<aws_account_id>"
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringLike": {
              "sts:ExternalId": [



    The AWS account identifier for


    The external identifier generated by

  4. Save the IAM role definition.

    NOTE: The AWS account ID value must be applied to every user profile that requires access through this IAM role. See User Profile Page.