An IAM user is an entity that represents a person or application that interacts with AWS. It has specific credentials and permissions attached to it, like roles, to control access.
Configuring Assume Role Policy
...
Create a user and attach the policy to the user.
Create a Role (AssumeRole).
Select AWS Account: This account
Permissions
Attach the policy as specified in the section Permissions required in AWS R53.
Attach AWSOrganizationsReadOnlyAccess to discover accounts. Attach the policy created in the following section.
Tags: This is optional. Provide some meaningful tags.
Role Name: Specify a name for the role.
Click Create Role.
...
To create a role with proper permissions, complete the following steps for IAM Create Role (AssumeRole):
In Select type of trusted entity, configure the following:
Select AWS Account: Select Another AWS account.
Provide the Account ID of the Trusted/Management account.
Permissions: Configure the following permissions:
Attach Policy: Attach the policy that has permissions required for R53 sync (R53ReadWrite access) as specified in the section Permissions required in AWS R53.
Tags: This is optional. Provide some meaningful tags.
Role Name: Specify the same name as the IAM role that you just created.
Click Create Role.
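Choosing Another AWS account and entering the Trusted/Management account ID results in a role trust policy that names that account as the principal for sts:AssumeRole. The following is an added example, not part of the original documentation: it builds that trust policy and audits a trust policy to confirm that only the expected account can assume the role. The account ID 111122223333 is a constructed placeholder, and the function names are hypothetical.

```python
import json

MGMT_ACCOUNT_ID = "111122223333"  # constructed placeholder for the Trusted/Management account ID

def build_trust_policy(trusted_account_id):
    """Trust policy equivalent to choosing 'Another AWS account' with this ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }

def principal_account(value):
    """Account ID from a principal given as an ARN or a bare 12-digit ID, else None."""
    if value.isdigit() and len(value) == 12:
        return value
    parts = value.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def audit_trust_policy(policy, expected_account_id):
    """Return findings; an empty list means only the expected account may assume the role."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or missing principal
            findings.append(f"statement {idx}: principal {principal!r} is not account-scoped")
            continue
        for kind, values in principal.items():
            for value in [values] if isinstance(values, str) else values:
                if kind != "AWS":
                    findings.append(f"statement {idx}: unexpected {kind} principal {value}")
                elif principal_account(value) != expected_account_id:
                    findings.append(f"statement {idx}: trusts {value}, not {expected_account_id}")
    return findings

if __name__ == "__main__":
    policy = build_trust_policy(MGMT_ACCOUNT_ID)
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy, MGMT_ACCOUNT_ID) or "OK: only the management account is trusted")
```

Run the audit against the trust policy of each member-account role after creation; any finding means the role can be assumed by a principal other than the intended management account.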