Tags: amazon-web-services, amazon-iam, sts

How can I drop an assumed role?


I have account A from which I assumed the role for account B. Now since my work is done I want to assume a role for account C. But since only Account A can assume a role for account C and B can't, I am unable to do so.

Any way I can invalidate/switch users for an assumed role? The minimum timeout is 15 mins which would be too much wait for a user.

Edit: Trying to achieve it via AWS CLI

Running the command below:

    aws sts assume-role --role-arn **** --role-session-name jenkins --external-id ****

Solution

  • As I understand it, when you use assume-role you get a set of credentials like the ones below:

        {
            "AssumedRoleUser": {
                "AssumedRoleId": "AROA3XFRBF535PLBIFPI4:s3-access-example",
                "Arn": "arn:aws:sts::123456789012:assumed-role/xaccounts3access/s3-access-example"
            },
            "Credentials": {
                "SecretAccessKey": "9drTJvcXLB89EXAMPLELB8923FB892xMFI",
                "SessionToken": "AQoXdzELDDY//////////wEaoAK1wvxJY12r2IrDFT2IvAzTCn3zHoZ7YNtpiQLF0MqZye/qwjzP2iEXAMPLEbw/m3hsj8VBTkPORGvr9jM5sgP+w9IZWZnU+LWhmg+a5fDi2oTGUYcdg9uexQ4mtCHIHfi4citgqZTgco40Yqr4lIlo4V2b2Dyauk0eYFNebHtYlFVgAUj+7Indz3LU0aTWk1WKIjHmmMCIoTkyYp/k7kUG7moeEYKSitwQIi6Gjn+nyzM+PtoA3685ixzv0R7i5rjQi0YE0lf1oeie3bDiNHncmzosRM6SFiPzSvp6h/32xQuZsjcypmwsPSDtTPYcs0+YN/8BRi2/IcrxSpnWEXAMPLEXSDFTAQAM6Dl9zR0tXoybnlrZIwMLlMi1Kcgo5OytwU=",
                "Expiration": "2016-03-15T00:05:07Z",
                "AccessKeyId": "ASIAJEXAMPLEXEG2JICEA"
            }
        }
    

    Those credentials you either export or use directly while running the command.

    1. When you use them directly, you are only using the credentials for that specific command; in the next command you are back to Account A.

    2. When you export them, you simply call the unset command on the exported variables and you'll be back to Account A; then you call assume-role again and export the credentials for account C.
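The export / unset / re-assume workflow from the answer above as a runnable shell script. This is an added example, not the answerer's code: the three `AWS_*` variable names are the real ones the AWS CLI and SDKs read, while the `sts_field`, `export_sts_credentials`, `drop_assumed_role`, `credential_source` and `assume_role_into_env` functions, the role ARN, the external id and the sample JSON are constructed for illustration.

```shell
# Added example (not from the original post): switch between assumed roles
# from the same base credentials by exporting, then unsetting, the STS
# session variables. Only the AWS_* variable names are real; the role ARN,
# external id and the sample JSON below are constructed placeholders.

# Pull one field out of `aws sts assume-role` JSON output, which the CLI
# prints one key per line. Avoids a dependency on jq. $1 = field name,
# JSON on stdin.
sts_field() {
    sed -n "s/.*\"$1\": \"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Export the Credentials block (JSON passed as $1) as the environment
# variables the AWS CLI and SDKs consult before any other credential source.
export_sts_credentials() {
    AWS_ACCESS_KEY_ID=$(printf '%s\n' "$1" | sts_field AccessKeyId)
    AWS_SECRET_ACCESS_KEY=$(printf '%s\n' "$1" | sts_field SecretAccessKey)
    AWS_SESSION_TOKEN=$(printf '%s\n' "$1" | sts_field SessionToken)
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}

# "Drop" the assumed role locally: with these unset, the CLI falls back to
# whatever base credentials (Account A) it was using before.
drop_assumed_role() {
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}

# Report which credentials the next aws command would pick up.
credential_source() {
    if [ -n "${AWS_SESSION_TOKEN:-}" ]; then
        echo "assumed-role session"
    else
        echo "base credentials"
    fi
}

# The real call, wrapped so the whole workflow reads as in the answer.
# Hypothetical arguments; needs network access, so it is not run offline.
# $1 = role ARN, $2 = session name, $3 = external id
assume_role_into_env() {
    out=$(aws sts assume-role --role-arn "$1" --role-session-name "$2" \
          --external-id "$3") || return 1
    export_sts_credentials "$out"
}

# Constructed sample with the shape of the CLI output (placeholder values).
SAMPLE_STS_JSON='{
    "Credentials": {
        "SecretAccessKey": "EXAMPLESECRET",
        "SessionToken": "EXAMPLETOKEN",
        "Expiration": "2016-03-15T00:05:07Z",
        "AccessKeyId": "ASIAEXAMPLE"
    }
}'

# Offline walk-through with the sample:
#   export_sts_credentials "$SAMPLE_STS_JSON"   # now acting as the role in Account B
#   credential_source                           # -> assumed-role session
#   drop_assumed_role                           # back to Account A
#   credential_source                           # -> base credentials
# Then assume the next role from Account A's base credentials (online only):
#   assume_role_into_env arn:aws:iam::111111111111:role/RoleC jenkins EXTERNAL_ID_PLACEHOLDER
```

One caveat worth keeping in mind: `drop_assumed_role` only changes which credentials your shell hands to the next command. The STS credentials themselves stay valid on the AWS side until their `Expiration`, so treat the exported values as secrets (keep them out of logs and shell history) and keep role session durations as short as the job allows.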