Editing the trust relationship for an existing role

You can assign your existing IAM roles to your AWS Directory Service users and groups. To do this, however, the role must have a trust relationship with AWS Directory Service. When you use AWS Directory Service to create a role using the procedure in Creating a new role, this trust relationship is automatically set. You only need to establish this trust relationship for IAM roles that are not created by AWS Directory Service.

To establish a trust relationship for an existing role to AWS Directory Service

In the navigation pane of the IAM console, choose Roles.

The console displays the roles for your account.
Choose the name of the role that you want to modify, and select the Trust relationships tab on the details page.
Choose Edit trust relationship.

Under Policy Document, paste the following, and then choose Update Trust Policy.


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ds.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

You can also update this policy document using the IAM CLI. For more information, see update-trust in the IAM Command Line Reference.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Creating a new role

Assigning users or groups to an existing role