Console Multi-Account Access:

  • Log in to Prod account -> authenticate with access keys -> STS Service -> STS:AssumeRole -> Temp Credentials -> Dev Account
  • Log in to Dev account -> Create IAM role -> TrustProductionUsersFullAdmin -> Role for Cross account access -> between AWS accounts -> Prod account AWS Account ID -> Attach Policy -> Create Role
  • Log in to Prod Account -> Switch Role -> Account Name, Role, Display Name, Color

Delegate Access Across AWS Accounts Using IAM Roles

  • Share resources in one account with users in a different account.
  • With cross-account access, you don’t need to create individual IAM users in each account.
  • Users don’t have to sign out of one account and sign in to another to access resources in different AWS accounts.

This workflow has three basic steps.

Step 1 – Create a Role

Step 2 – Grant Access to the Role

Step 3 – Test Access by Switching Roles
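
The two policy documents behind Steps 1 and 2, plus a check that the role's trust policy only trusts the intended account, as an added example (not part of the original notes). The account IDs are constructed placeholders, and the MFA condition is an optional hardening that the notes do not mention.

```python
import json

PROD_ACCOUNT_ID = "111111111111"  # constructed placeholder: account the users sign in to
DEV_ACCOUNT_ID = "222222222222"   # constructed placeholder: account that owns the role
ROLE_NAME = "TrustProductionUsersFullAdmin"  # role name from the notes above


def trust_policy(trusted_account_id, require_mfa=True):
    """Step 1 (Dev account): trust policy attached to the cross-account role."""
    stmt = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
        "Action": "sts:AssumeRole",
    }
    if require_mfa:  # assumption: optional hardening, not in the notes
        stmt["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [stmt]}


def assume_role_policy(role_account_id, role_name):
    """Step 2 (Prod account): identity policy letting a user or group assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": f"arn:aws:iam::{role_account_id}:role/{role_name}",
        }],
    }


def audit_trust_policy(policy, expected_account_id):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    stmts = policy.get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = "*" if principal == "*" else principal.get("AWS", [])
        for arn in [aws] if isinstance(aws, str) else aws:
            if arn == "*":
                findings.append("wildcard principal: any AWS account can assume the role")
            elif arn != expected_account_id and f"::{expected_account_id}:" not in arn:
                findings.append(f"unexpected trusted principal: {arn}")
        if "aws:MultiFactorAuthPresent" not in json.dumps(stmt.get("Condition", {})):
            findings.append("no MFA condition on sts:AssumeRole")
    return findings
```

With the MFA condition in place, a user who authenticates with access keys rather than the console has to supply an MFA device and token code on the AssumeRole call.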
