Do I need to change AWS role permissions when using a private worker pool?

Do I need to change AWS role permissions when using a private worker pool?

When using a private worker pool with Spacelift, you may need to adjust the trust policy of your Spacelift role in AWS, depending on your configuration.

Role assumption on worker

If you enable the "assume role on worker" option, the role assumption will be performed on your private worker rather than at Spacelift's end. When this option is enabled, you can also optionally specify a custom External ID to use during role assumption.

Trust policy adjustments

When using a private worker pool, ensure that the trust policy of your Spacelift role allows the private worker role to assume it. You can modify the trust policy to explicitly list the ARNs of the roles you want to permit.

For detailed guidance on configuring AWS roles and trust policies with Spacelift, please refer to the AWS setup guide.