Editing the trust relationship for an existing role - Amazon Directory Service

Editing the trust relationship for an existing role

You can assign your existing IAM roles to your Amazon Directory Service users and groups. To do this, however, the role must have a trust relationship with Amazon Directory Service. When you use Amazon Directory Service to create a role using the procedure in Creating a new role, this trust relationship is automatically set. You only need to establish this trust relationship for IAM roles that are not created by Amazon Directory Service.

To establish a trust relationship for an existing role to Amazon Directory Service
  1. Open the IAM console at https://console.amazonaws.cn/iam/.

  2. In the navigation pane of the IAM console, under Access management, choose Roles.

    The console displays the roles for your account.

  3. Choose the name of the role that you want to modify, and once on the role's page, select the Trust relationships tab.

  4. Choose Edit trust policy.

  5. Under Edit trust policy, paste the following, and then choose Update policy.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Service": "ds.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

You can also update this policy document using the Amazon CLI. For more information, see update-trust in the Amazon CLI Command Reference.
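
A role's trust policy is a single document, so pasting the policy from step 5 over the editor's contents drops any principals the role already trusts. The following Python is an added example, not part of the AWS documentation: it appends the Directory Service statement to an existing trust policy and checks the result. The function names and the EC2 sample policy are constructed for illustration, and matching is exact-string only (no wildcards or conditions).

```python
import copy
import json

DS_PRINCIPAL = "ds.amazonaws.com"   # service principal from the policy in step 5
ASSUME = "sts:AssumeRole"


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Service."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trusts_directory_service(policy):
    """True if an Allow statement lets ds.amazonaws.com call sts:AssumeRole."""
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        # Principal may be the string "*" instead of a mapping; treat as no match.
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and DS_PRINCIPAL in services
                and ASSUME in _as_list(stmt.get("Action"))):
            return True
    return False


def add_directory_service_trust(policy):
    """Return a copy with the Directory Service statement appended.
    Existing statements are kept; calling it twice changes nothing further."""
    merged = copy.deepcopy(policy)
    if trusts_directory_service(merged):
        return merged
    # Sid is optional in IAM; it is omitted here so it cannot clash with an existing Sid.
    merged["Statement"] = _as_list(merged.get("Statement")) + [{
        "Effect": "Allow",
        "Principal": {"Service": DS_PRINCIPAL},
        "Action": ASSUME,
    }]
    return merged


# Constructed sample: a role that currently trusts only EC2 (single-statement form).
EXISTING = json.loads("""
{"Version": "2012-10-17",
 "Statement": {"Effect": "Allow",
               "Principal": {"Service": "ec2.amazonaws.com"},
               "Action": "sts:AssumeRole"}}
""")

if __name__ == "__main__":
    print(json.dumps(add_directory_service_trust(EXISTING), indent=2))
```

The printed document can be pasted into the Edit trust policy editor in step 5 in place of the bare policy.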