Cross Account Access on AWS

Please visit my website and subscribe to my youtube channel for more articles

https://devops4solutions.com/

I have two accounts ( sandbox and pipeline)

On Sandbox account, Go IAM -> Roles -> Create ROle-> Select Another AWS acccount as shown below

Put Pipeline account number

Image for post
Image for post

Click Permissions -> Select any policy /custom policy -> Put Role name ->Create Role

Below policy will auto created

{
“Version”: “2012–10–17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“AWS”: “arn:aws:iam::accountnumber of pipeline :root”
},
“Action”: “sts:AssumeRole”,
“Condition”: {}
}
]
}

Now on pipeline account

Create a policy like this

{
“Version”: “2012–10–17”,
“Statement”: [
{
“Sid”: “VisualEditor0”,
“Effect”: “Allow”,
“Action”: “sts:AssumeRole”,
“Resource”: “arn:aws:iam::account number of sandbox:role/Build_Infrastructure_Terraform_Role”
}
]
}

Create a role and assign that policy to this role

Image for post
Image for post

Attach this role to the EC2 instance

Now run the below command. NOTE if AWS CLI is preconfigured then first delete those and run it.

aws sts assume-role — role-arn “arn:aws:iam::accountnumber of sandbox:role/Build_Infrastructure_Terraform_Role” — role-session-name “EC2FromB”

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store