I'm trying to figure out how to run Claude Code at work when the role I use to activate it is different from the one needed to access data on S3 or run queries with Athena. Does anyone have advice on how to manage this? What steps am I possibly overlooking?
5 Answers
Could you clarify how you're currently implementing Claude? I use it both at home and work, but I’m not quite connecting it to the S3 permissions issue you're facing. Are you working with a Bedrock setup or something similar?
You might be missing that the Claude Code principal (role A) must have permission to assume role B. Check the AWS documentation on managing IAM roles for more details.
How are you using S3 in your setup? Generally, access isn’t restricted to a single IAM role. Any role with the proper policy should suffice as long as there aren’t specific deny rules in place.
You can try telling it to execute with `AWS_PROFILE=`. Most tools should recognize that. If it doesn't work, you might need to write a script that wraps those calls with the correct AssumeRole settings in the environment.
The block you’re encountering should show up in your AWS log files. It sounds like the issue may be due to insufficient permissions. Make sure the role you’re using has the right access to S3.
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically