Lab - AWS Cross Account Access
0 likes77 views
To provide cross-account access between AWS Account A and Account B, Account A must create an IAM role called "Role_for_B" and attach EC2 read permissions to it. Account B then creates an IAM user and adds an inline policy allowing the user to assume the "Role_for_B" role in Account A, after which the user can switch roles in the Account B console to access EC2 instances in Account A.
Lab - AWS Cross Account Access
- 1. AWS - Cross Account Access 1. We need to AWS Account. Example : Account-A and Account-B. Write down the AccountID : ACCOUNT-A-ID and Account-B-ID 2. Create an IAM Role in AccountA with name “Role_for_B” for giving access for user in Account-B. Write down the ARN for the role. 3. Attach permission, for example : EC2ReadPermissions to this role 4. In Account-B create an IAM user or use existing IAM User 5. Add the inline policy and attach Assume Role policy as below : { "Version": "2012-10-17”, "Statement”: { "Effect": "Allow”, "Action": "sts:AssumeRole”, "Resource": "arn:aws:iam::ACCOUNT-A-ID:role/Role_for_B” } } 6. Login to console of Account-B and Switch Role. Enter the ACCOUNT-A-ID and select the Role we want to assume. 7. Validate that we can see EC2 instance in Account-A