Skip to content

Instantly share code, notes, and snippets.

@fizz

fizz/trust-policy.json

Created November 21, 2025 04:55
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save fizz/c5a5a8ef44f7b2d2c96b2a8e9ead3d6a to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save fizz/c5a5a8ef44f7b2d2c96b2a8e9ead3d6a to your computer and use it in GitHub Desktop.
Download ZIP
Update trust for KinesisAccessfordevElastic
Raw
trust-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::150992150901:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:PrincipalArn": [
"arn:aws:iam::150992150901:role/elastic-serverless-forwar-*",
"arn:aws:iam::150992150901:role/pge-elasticsearch-role"
]
}
}
}
]
}
Raw
update-cross-account-trust.sh
#!/usr/bin/env bash
set -euo pipefail
# Replace with the actual ESF Lambda role ARN before running
LAMBDA_ROLE_ARN="arn:aws:iam::150992150901:role/elastic-serverless-forwar-ApplicationElasticServer-REPLACE_ME"
cat > trust-policy.json <<JSON
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::150992150901:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"ArnLike": {
"aws:PrincipalArn": [
"arn:aws:iam::150992150901:role/elastic-serverless-forwar-*",
"arn:aws:iam::150992150901:role/pge-elasticsearch-role"
]
}
}
}
]
}
JSON
echo "Update trust policy in logging account (801458782278):"
echo "aws iam update-assume-role-policy --role-name KinesisAccessfordevElastic --policy-document file://trust-policy.json"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment