Latest Content

How to Update a Role Trust

Updated on 01 June, 2026

Update an existing role trust in Vultr IAM. Modify trust relationship parameters such as conditions, IP restrictions, or the trusted principal configuration.

Updating a role trust allows you to change its conditions, trusted entity, expiration date, or trust type. This is useful when you need to extend a trust's validity, adjust IP or time-of-day restrictions, or change which user or group can assume the role.

Follow this guide to update a role trust using the Vultr Console, the Vultr API, or Terraform.

  • Vultr Console
  • Vultr API
  • Terraform
  1. Log in to the Vultr Console.
  2. Click the organization name in the top navigation bar.
  3. Click Manage Organization.
  4. Click the Roles tab.
  5. Click the name of the assumable role whose trust you want to update.
  6. Expand the Role Trust section.
  7. Click the Edit icon to modify the trust configuration.
  8. Update the trusted entity, assumption schedule, or conditions as needed.
  9. Click Save Changes.

  1. Send a GET request to the List Role Trusts endpoint to retrieve all role trusts in your organization.

    console 
    $ curl "https://api.vultr.com/v2/role-trusts" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"

    Note the id of the role trust you want to update.

  2. Send a GET request to the Read Role Trust endpoint to retrieve the current trust details. Replace {role-trust-id} with the id you retrieved in the previous step.

    console 
    $ curl "https://api.vultr.com/v2/role-trusts/{role-trust-id}" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"

  3. Send a PUT request to the Update Role Trust endpoint to update the trust. Replace the values with your updated trust details.

    console 
    $ curl "https://api.vultr.com/v2/role-trusts/{role-trust-id}" \
    -X PUT \
    -H "Authorization: Bearer ${VULTR_API_KEY}" \
    -H "Content-Type: application/json" \
    -d '{
        "role_id": "ROLE-ID",
        "trust_type": "IAMAssumption",
        "trusted_user_id": "USER-ID",
        "conditions": {
            "time_of_day": {
                "timezone": "utc",
                "days_of_week": ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday"]
            },
            "ip_address": []
        },
        "valid_until": "2027-01-01T03:59:59+00:00"
    }'

    The response confirms the trust has been updated with the new configuration.

  4. Send a GET request to the Read Role Trust endpoint to retrieve the updated details.

    console 
    $ curl "https://api.vultr.com/v2/role-trusts/{role-trust-id}" \
    -X GET \
    -H "Authorization: Bearer ${VULTR_API_KEY}"

    Verify that the trust details reflect the new values.

  1. Ensure the Vultr Terraform provider is configured in your Terraform project.

  2. Modify the mutable fields in the role trust resource: type, hour_start, hour_end, ip_range, or date_expires.

    hcl 
    resource "vultr_organization_role_trust" "my_role_trust" {
  role         = vultr_organization_role.my_role.id
  user         = vultr_user.new_user.id
  type         = "TemporaryAssumption"
  hour_start   = 9
  hour_end     = 18
  ip_range     = ["10.0.0.0/8"]
  date_expires = "2027-01-01T00:00:00+00:00"
}

  3. Apply the changes.

    console 
    $ terraform apply

    Verify that the output shows vultr_organization_role_trust.my_role_trust: Modifications complete.

Comments