1. AWS - Cross Account Access
1. We need two AWS accounts. Example: Account-A and Account-B. Write down
the account IDs: ACCOUNT-A-ID and ACCOUNT-B-ID.
2. Create an IAM role in Account-A with the name "Role_for_B" to give access to
a user in Account-B. When asked for the trusted entity, choose "Another AWS
account" and enter ACCOUNT-B-ID; this writes the role's trust policy, which must
allow the Account-B principal to call sts:AssumeRole, otherwise the switch in
step 6 is denied. Write down the ARN of the role
(arn:aws:iam::ACCOUNT-A-ID:role/Role_for_B).
3. Attach a permissions policy to this role, for example the AWS managed policy
AmazonEC2ReadOnlyAccess. The assumed session gets only what this policy grants,
so keep it to what the Account-B user actually needs.
4. In Account-B create an IAM user, or use an existing IAM user.
5. Add an inline policy to that user that allows it to assume the role in
Account-A (and nothing else):
    {
      "Version": "2012-10-17",
      "Statement": {
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "arn:aws:iam::ACCOUNT-A-ID:role/Role_for_B"
      }
    }
6. Log in to the console of Account-B as that user and choose Switch Role.
Enter ACCOUNT-A-ID and the role name Role_for_B.
7. Validate that the switched session can list the EC2 instances in Account-A
and, because only read access is attached, cannot change them.
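The same procedure done with the AWS CLI instead of the console, as an added example that is not part of the original page. It assumes two CLI profiles already configured, "account-a" with IAM admin rights in Account-A and "account-b" holding the Account-B IAM user's access keys; the account IDs and the user name are placeholders, the attached policy is the AWS managed AmazonEC2ReadOnlyAccess, and the trust policy it writes names the single Account-B user rather than the whole Account-B account.

```shell
#!/bin/sh
# Cross-account access with the AWS CLI: the role in Account-A, the AssumeRole
# policy on the user in Account-B, and the final check from Account-B.
# Assumptions (not from the original page): CLI profiles "account-a" (IAM admin
# in Account-A) and "account-b" (the Account-B IAM user) exist; account IDs and
# the user name below are placeholders.
set -eu

ACCOUNT_A_ID="${ACCOUNT_A_ID:-111111111111}"   # placeholder Account-A ID
ACCOUNT_B_ID="${ACCOUNT_B_ID:-222222222222}"   # placeholder Account-B ID
USER_B="${USER_B:-user-in-b}"                  # placeholder IAM user in Account-B
ROLE_NAME="Role_for_B"
ROLE_ARN="arn:aws:iam::${ACCOUNT_A_ID}:role/${ROLE_NAME}"

# Trust policy for the role in Account-A: who may call sts:AssumeRole on it.
# Naming the one user is tighter than "arn:aws:iam::ACCOUNT-B-ID:root", which
# admits every principal in Account-B that has sts:AssumeRole permission.
trust_policy() {  # $1 = Account-B ID, $2 = IAM user name in Account-B
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "AWS": "arn:aws:iam::$1:user/$2" },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Inline policy for the user in Account-B: the same document as step 5.
assume_policy() {  # $1 = ARN of the role in Account-A
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "$1"
  }]
}
EOF
}

# Steps 2 and 3: create the role in Account-A and attach read-only EC2 access.
setup_account_a() {
  aws --profile account-a iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy "$ACCOUNT_B_ID" "$USER_B")"
  aws --profile account-a iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess
}

# Steps 4 and 5: let the Account-B user assume that one role and nothing else.
setup_account_b() {
  aws --profile account-b iam put-user-policy --user-name "$USER_B" \
    --policy-name AssumeRoleForB --policy-document "$(assume_policy "$ROLE_ARN")"
}

# Steps 6 and 7: assume the role from Account-B, then use the temporary
# credentials to prove the session lives in Account-A and can read EC2.
verify_access() {
  set -- $(aws --profile account-b sts assume-role --role-arn "$ROLE_ARN" \
    --role-session-name cross-account-check \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text)
  export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
  unset AWS_PROFILE
  # Caller ARN must now be the assumed role in Account-A, not the Account-B user.
  aws sts get-caller-identity --query Arn --output text
  aws ec2 describe-instances --region "${AWS_DEFAULT_REGION:-us-east-1}" \
    --query 'Reservations[].Instances[].InstanceId' --output text
}

case "${1:-}" in
  setup-a) setup_account_a ;;
  setup-b) setup_account_b ;;
  verify)  verify_access ;;
  *) echo "usage: $0 setup-a | setup-b | verify" ;;
esac
```

Run it as "setup-a", then "setup-b", then "verify". The get-caller-identity line should print arn:aws:sts::ACCOUNT-A-ID:assumed-role/Role_for_B/cross-account-check; if the trust policy in Account-A does not name the Account-B principal, the assume-role call fails with AccessDenied even though the user's own policy allows sts:AssumeRole, because both sides must agree.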