You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
My use-case is, I'm using an organization AWS account in which I have created a role and with that, I can list the S3 buckets using the doc https://support.atlassian.com/bitbucket-cloud/docs/deploy-on-aws-using-bitbucket-pipelines-openid-connect/
I have created another AWS TEST account under this organization AWS account. A role is created in the TEST account and trust relationship is given to organization(management) account from it. Also, the role in organization account is given STS full permission to assume the role in TEST account.
Now, I'm getting the following error with Bitbucket pipeline while trying to list the S3 bucket in the TEST account.
An error occurred (AccessDenied) when calling the ListObjectsV2 operation:
Is this possible with bitbucket OIDC to assume a role in TEST account by the role in organization(management) account via STS?
I only want to create role in organization(management) account and use STS assume roles to access resources in other accounts under the organisation. So authorization usng OIDC only happens in AWs management account.