在 Go 中，使用 AWS SDK for Go V2 可以实现角色链（role chaining）：先代入一个 AWS 账户中的 IAM 角色，再用该角色返回的临时凭证代入另一个 AWS 账户中的 IAM 角色。
以下示例展示了从源 AWS 账户的 IAM 角色链式代入目标 AWS 账户 IAM 角色的代码。注意：目标角色的信任策略必须允许源角色代入，否则第二次 AssumeRole 会被拒绝；示例中通过 ExternalID 传入的值应当是与目标账户事先约定的保密字符串，而不应直接使用可公开获知的账户 ID。
package main
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
"github.com/aws/aws-sdk-go-v2/service/s3"
)
func main() {
cfg, err := config.LoadDefaultConfig(context.Background())
if err != nil {
panic("unable to load SDK config, " + err.Error())
}
// Create a STS credentials object with the source account's role ARN
srcCreds := stscreds.NewAssumeRoleProvider(stscreds.AssumeRoleOptions{
RoleArn: "arn:aws:iam::123456789012:role/SourceAccountRole",
RoleSessionName: "SourceAccountRoleSession",
})
// Create a S3 client with the source account STS credentials
s3Client := s3.NewFromConfig(cfg, func(o *s3.Options) {
o.Credentials = srcCreds
})
// Create the target account credentials for the desired role
targetCreds := stscreds.NewAssumeRoleCredentials(stscreds.AssumeRoleOptions{
RoleArn: "arn:aws:iam::234567890123:role/TargetAccountRole",
RoleSessionName: "TargetAccountRoleSession",
ExternalID: "123456789012",
}, func(o *stscreds.AssumeRoleProvider) {
o.Credentials = srcCreds.Retrieve(context.Background())
})
// Create a S3 client with the target account STS credentials
s3Client = s3.NewFromConfig(cfg, func(o *s3.Options) {
o.Credentials = targetCreds
})
// Use the target account STS credentials to make S3 API calls