AWS Glue cross-account role chaining


I'm creating an AWS Glue job that should get access to an RDS Postgres database in another AWS account. I am supposed to use a role that's given trust relationship to account (Glue job) level, which has the privileges to operate in the DB account. I'm struggling with setting up all the necessary permissions this setup requires. Currently, I have configured my Glue execution role with sts:AssumeRole permission for the role in the DB account. The Glue execution role also has some other permissions needed for the job to run, and the trust relationship is given to glue.amazonaws.com. However, while calling the assume role API in the script, I get an error that the Glue execution role is not authorized to perform the sts:AssumeRole operation.

Assuming the role works perfectly when tried in my local CLI, but not when calling it in the Glue script. What am I missing here?

Checked for all typos, tried assuming the role in CLI, this works.

Expected the glue execution role to be able to assume role in DB account.

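An added example, not part of the original question: a cross-account sts:AssumeRole call needs an Allow in the calling role's identity policy and a matching principal in the target role's trust policy, and this sketch checks both documents offline. The account IDs, role names and policy contents are constructed placeholders; SCPs, permission boundaries and session policies are not evaluated.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value):
    # IAM wildcards (* and ?); simplification: compared case-insensitively
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))

def check_assume_role(caller_arn, target_arn, identity_policies, trust_policy):
    """Return reasons why caller_arn could be refused sts:AssumeRole on target_arn."""
    findings, allowed, denied, trusted = [], False, False, False
    # Side 1: policies attached to the calling role (here: the Glue execution role)
    for policy in identity_policies:
        for st in _as_list(policy["Statement"]):
            if _matches(st.get("Action", []), "sts:AssumeRole") and \
               _matches(st.get("Resource", []), target_arn):
                allowed |= st["Effect"] == "Allow"
                denied |= st["Effect"] == "Deny"
    if denied:
        findings.append("identity: explicit Deny on sts:AssumeRole for target")
    elif not allowed:
        findings.append("identity: no Allow on sts:AssumeRole for target")
    # Side 2: trust policy on the role in the other account
    account = caller_arn.split(":")[4]
    accepted = {caller_arn, f"arn:aws:iam::{account}:root", account, "*"}
    for st in _as_list(trust_policy["Statement"]):
        if st["Effect"] != "Allow" or not _matches(st.get("Action", []), "sts:AssumeRole"):
            continue
        principal = st.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        if accepted & set(_as_list(aws)):
            trusted = True
            for keys in st.get("Condition", {}).values():
                findings.append("trust: condition to satisfy: " + ", ".join(sorted(keys)))
    if not trusted:
        findings.append("trust: caller's role/account is not a trusted principal")
    return findings

# Constructed sample data: account IDs, role names and policies are placeholders
GLUE_ROLE = "arn:aws:iam::111111111111:role/GlueExecutionRole"
DB_ROLE = "arn:aws:iam::222222222222:role/DbAccessRole"
IDENTITY = [{"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                            "Resource": "arn:aws:iam::222222222222:role/etl/*"}]}]
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
                        "Condition": {"StringEquals": {"sts:ExternalId": "example-id"}}}]}

if __name__ == "__main__":
    print("\n".join(check_assume_role(GLUE_ROLE, DB_ROLE, IDENTITY, TRUST)))
```

With the sample data, the identity policy's resource pattern does not cover the target role and the trust statement carries a condition the caller has to satisfy, so both sides are reported.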