You can use assume role on Cloudera CDH, Hortonworks HDP, and Cloudera CDP distributions for the same AWS account and cross-account access. You cannot use assume role on MapR and Azure HDInsight distributions.

To use assume role on EMR distributions for same AWS account and cross-account access, you must set up a security configuration. For more information on how to set up a security configuration, see the AWS documentation.

The IAM user who requests for the temporary security credentials should not have access to any AWS resources.

Only authenticated IAM users can request for the temporary security credentials from the AWS Security Token Service (AWS STS).

Before you run a mapping, ensure that you have enough time to use the temporary security credentials for running the mapping. You cannot extend the time duration of the temporary security credentials for an ongoing mapping. For example, when you upload a file to an Amazon S3 bucket and if the temporary security credentials expire, you cannot extend the time duration of the temporary security credentials that causes the mapping to fail.

After the temporary security credentials expire, AWS does not authorize the IAM users to access the resources using the credentials. You must request for new temporary security credentials before the previous temporary security credentials expire.

Do not use the root user credentials of an AWS account to use the temporary security credentials. You must use the credentials of an IAM user to use the temporary security credentials.