AWS Role Assumption Simulator
Interactive learning tool for AWS cross-account access
Choose Your Scenario
Alice (Developer), Account A (111111111111): Trusted
CrossAccountS3Role, Account B (222222222222): Trust: Account A users
S3 Bucket: my-company-data
Trust Policy: Who can assume this role? Account A users (Match ✓)
Access Policy: S3ReadWritePolicy
Process Steps
1. User initiates request
2. Check trust policy
3. Assume role
4. Check access policy
5. Access S3 resource
Key Concepts
Trust Policy: Defines WHO can assume the role (which AWS accounts, users, or services)
Access Policy: Defines WHAT the role can do once assumed (permissions to AWS resources)
Cross-Account Access: Allows users from one AWS account to access resources in another account
Temporary Credentials: When you assume a role, you get temporary credentials that expire
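The five process steps and the trust/access split above, as an added Python sketch that is not part of the simulator itself. The policy JSON, the one-hour session lifetime, the object key and the outside account 333333333333 are assumptions constructed for illustration; the page only names the role, the policy and the bucket.

```python
import fnmatch
from datetime import datetime, timedelta, timezone

# Constructed policy documents: the page names the role and policy but does not
# show their JSON, so the statements below are assumptions for illustration.
# Simplified model: no explicit Deny, no Condition keys, and the caller's own
# identity policy in Account A (which must also allow sts:AssumeRole) is omitted.
TRUST_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},  # Account A
    "Action": "sts:AssumeRole"}]}
ACCESS_POLICY = {"Statement": [{  # stands in for S3ReadWritePolicy
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::my-company-data/*"}]}
ROLE_ARN = "arn:aws:iam::222222222222:role/CrossAccountS3Role"

def account_of(arn):
    """Return the account-id field of an ARN."""
    return arn.split(":")[4]

def assume_role(caller_arn, now, ttl=timedelta(hours=1)):
    """Steps 1-3: match the caller against the trust policy, then issue a session."""
    for st in TRUST_POLICY["Statement"]:
        trusted = account_of(st["Principal"]["AWS"])
        if st["Effect"] == "Allow" and st["Action"] == "sts:AssumeRole" \
                and account_of(caller_arn) == trusted:
            return {"role": ROLE_ARN, "expires": now + ttl}
    return None  # trust policy did not match: no credentials are issued

def access(session, action, resource, now):
    """Steps 4-5: the session must be unexpired and the access policy must allow."""
    if session is None or now >= session["expires"]:
        return False
    for st in ACCESS_POLICY["Statement"]:
        if st["Effect"] == "Allow" and action in st["Action"] \
                and fnmatch.fnmatchcase(resource, st["Resource"]):
            return True
    return False  # nothing allowed it: implicit deny

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock
    alice = assume_role("arn:aws:iam::111111111111:user/alice", t0)
    obj = "arn:aws:s3:::my-company-data/report.csv"  # constructed object key
    print("read:", access(alice, "s3:GetObject", obj, t0))
    print("delete:", access(alice, "s3:DeleteObject", obj, t0))
    print("read after expiry:", access(alice, "s3:GetObject", obj, t0 + timedelta(hours=2)))
    print("outsider:", assume_role("arn:aws:iam::333333333333:user/bob", t0))
```

The four calls cover the cases a reviewer of a cross-account role should check: the trusted caller within scope, an action outside the access policy, a session past its expiry, and a caller from an account the trust policy does not name.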