AWS IAM: Restrict STS assume-role to specific users

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::555555555555:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:username": [
            "jecarter",
            "wjclinton",
            "bhobama",
            "jrbiden"
          ]
        },
        "Bool": {
          "aws:MultiFactorAuthPresent": "true"
        }
      }
    }
  ]
}
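
How the Condition block above evaluates for different callers, as an added example that is not part of the original post: a simplified Python model of the two operators, run over constructed request contexts. It does not model the Principal element or the rest of IAM evaluation; the unlisted user name and the role-session context are assumptions made for illustration.

```python
import json

# Condition block copied from the trust policy on this page.
CONDITION = json.loads("""
{
  "StringEquals": {"aws:username": ["jecarter", "wjclinton", "bhobama", "jrbiden"]},
  "Bool": {"aws:MultiFactorAuthPresent": "true"}
}
""")

def _string_equals(expected, actual):
    # Case-sensitive exact match; a list of values is a logical OR.
    values = expected if isinstance(expected, list) else [expected]
    return actual in values

def _bool(expected, actual):
    return str(actual).lower() == str(expected).lower()

OPERATORS = {"StringEquals": _string_equals, "Bool": _bool}

def condition_matches(condition, context):
    """Simplified model: every operator and every key must match (AND).
    A key that is absent from the request context fails its test."""
    for op, tests in condition.items():
        for key, expected in tests.items():
            if key not in context or not OPERATORS[op](expected, context[key]):
                return False
    return True

# Constructed request contexts (illustrative, not real request data).
SAMPLES = {
    "listed user with MFA": {"aws:username": "jecarter", "aws:MultiFactorAuthPresent": "true"},
    "listed user without MFA": {"aws:username": "jecarter", "aws:MultiFactorAuthPresent": "false"},
    # Long-term access keys carry no aws:MultiFactorAuthPresent key at all.
    "listed user, access key only": {"aws:username": "jecarter"},
    "unlisted user with MFA": {"aws:username": "example-user", "aws:MultiFactorAuthPresent": "true"},
    "wrong case with MFA": {"aws:username": "JECarter", "aws:MultiFactorAuthPresent": "true"},
    # aws:username exists only for IAM users, so a role session never matches.
    "role session": {"aws:PrincipalType": "AssumedRole", "aws:MultiFactorAuthPresent": "true"},
}

def evaluate_all():
    return {name: condition_matches(CONDITION, ctx) for name, ctx in SAMPLES.items()}

if __name__ == "__main__":
    for name, allowed in evaluate_all().items():
        print(f"{name:32} -> {'Allow' if allowed else 'no match'}")
```

Only the first context matches, which is the behaviour to confirm when testing the real policy: callers must be one of the named IAM users and must supply MFA on the AssumeRole call itself.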
