find_roles_by_trust_relationship

Identify IAM roles based on trust relationships to determine which roles can be assumed by a specific principal or which roles a specific IAM role can assume. Simplifies AWS security analysis.

Instructions

Find IAM roles based on their trust relationship criteria.

This tool has two main use cases:
1. Identifying roles that can be assumed by a specific principal (role/user/service)
2. Identifying roles that a specific IAM role can assume (by checking permissions)

Args:
    principal_type: Type of principal to search for ('role', 'user', 'service', 'account', 'role_arn')
    principal_value: Value of the principal (role name, user name, service name, account ID, or complete role ARN)
    limit: Maximum number of roles to analyze
    
Returns:
    JSON string with roles matching the trust relationship criteria

Input Schema

Name	Required	Description	Default
`limit`	No
`principal_type`	Yes
`principal_value`	Yes

Input Schema (JSON Schema)

{
  "properties": {
    "limit": {
      "default": 100,
      "title": "Limit",
      "type": "integer"
    },
    "principal_type": {
      "title": "Principal Type",
      "type": "string"
    },
    "principal_value": {
      "title": "Principal Value",
      "type": "string"
    }
  },
  "required": [
    "principal_type",
    "principal_value"
  ],
  "title": "find_roles_by_trust_relationshipArguments",
  "type": "object"
}

AWS Security MCP

find_roles_by_trust_relationship

Instructions

Input Schema

Input Schema (JSON Schema)

Other Tools from AWS Security MCP

Related Tools