private static Credentials GetCrossAccountCredentials()

in cross-account-publish/c-sharp/ConsoleApp1/ConsoleApp1/Program.cs [116:158]


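        /// <summary>
        /// Assumes an IAM role in another AWS account through STS and returns the
        /// temporary credentials issued for that role session.
        /// </summary>
        /// <param name="accountId">ID of the account that owns the role; inserted verbatim into the role ARN.</param>
        /// <param name="roleName">Name of the role to assume; inserted verbatim into the role ARN.</param>
        /// <returns>The temporary credentials from the AssumeRole response.</returns>
        /// <remarks>
        /// If the AssumeRole call fails, a diagnostic is written to the console and the
        /// process exits with code 1, so the method does not return to the caller.
        /// The returned credentials are secrets and should not be logged or persisted.
        /// Neither argument is validated before being concatenated into the ARN, so callers
        /// should pass trusted values only. The request does not set ExternalId; a role whose
        /// trust policy requires one cannot be assumed through this method.
        /// </remarks>
        private static Credentials GetCrossAccountCredentials(string accountId, string roleName)
        {
            // Dispose the STS client once the call completes instead of leaving it to the finalizer.
            using (AmazonSecurityTokenServiceClient amazonSecurityTokenServiceClient = new AmazonSecurityTokenServiceClient())
            {
                string crossAccountRoleArn = "arn:aws:iam::" + accountId + ":role/" + roleName;

                AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
                assumeRoleRequest.RoleArn = crossAccountRoleArn;
                // Fixed session name: every session created here carries the same name.
                assumeRoleRequest.RoleSessionName = "cross-publish-session";

                AssumeRoleResponse assumeRoleResponse = null;

                try
                {
                    // Blocking on .Result wraps any failure in an AggregateException.
                    assumeRoleResponse = amazonSecurityTokenServiceClient.AssumeRoleAsync(assumeRoleRequest).Result;
                }
                catch (AggregateException e)
                {
                    // AggregateException.Message can be a generic summary that omits the
                    // underlying error text, so collect the inner messages before matching.
                    string details = e.Message;
                    foreach (Exception inner in e.Flatten().InnerExceptions)
                    {
                        details += Environment.NewLine + inner.Message;
                    }

                    // NOTE(review): matching on message text is brittle; the SDK exception's
                    // error code or HTTP status would be a more reliable signal - confirm.
                    if (details.Contains("Access denied"))
                    {
                        Console.WriteLine(
                            "Access was denied for the cross account role in account " + accountId + " with role name " +
                            roleName +
                            ". Verify that the account ID and role name are correct and that the role was created with the correct permissions and trust configuration in the other account and try again.");
                    }
                    else if (details.Contains("404"))
                    {
                        Console.WriteLine(
                            "Not found error occurred for the cross account role in account " + accountId +
                            " with role name " +
                            roleName +
                            ". Verify that the account ID and role name are correct, that the role was created with the correct permissions and trust configuration in the other account, and that the EC2 instance has the sts:AssumeRole permission in its profile and try again.");
                    }
                    else
                    {
                        Console.WriteLine("FAIL GetCrossAccountCredentials");
                        Console.WriteLine(details);
                        Console.WriteLine(e.StackTrace);
                    }

                    // Without credentials the caller cannot continue; stop the process here.
                    Environment.Exit(1);
                }

                return assumeRoleResponse.Credentials;
            }
        }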