Cross Account Access on AWS Cloud

Delegate Access Across AWS Accounts Using IAM Roles



This tutorial teaches you how to use a role to delegate access to resources that are in different AWS accounts. By setting up cross-account access in this way, you don't need to create individual IAM users in each account. In addition, users don't have to sign out of one account and sign into another in order to access resources that are in different AWS accounts.


Steps to Follow


Step 1- Log in to the customer's AWS account and go to IAM Services.


Step 2- Create a new Role → “Provide access between AWS accounts you own”.




Step 3- Enter the Account ID of the account to which you want to grant access to your AWS account.




Step 4- Attach a policy to it.




Step 5- Allow access from specific IP addresses only.


To grant access only from specific IP addresses, create a custom policy and attach it to the role. Note that the policy below allows every action on every resource and is restricted only by the source IP condition, so in practice scope the Action and Resource down to what the other account actually needs.


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1496303214949",
      "Action": "*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "182.74.123.000"
        }
      }
    }
  ]
}

Step 6- Give your Role a unique Name and Description.




Step 7- Log in to the AWS account to which you want to grant access to your account.


Step 8- Click on your username at the top right corner and then click on Switch Roles.

Step 9- Enter your Account ID, the name of the Role created above and a Display Name, then click on Switch Role.




Step 10- You can now access the client's account by clicking on the role you created.




Step 11- Accessing the other account using my personal AWS account.
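The two policy documents behind the console steps above, as an added example that is not part of this tutorial or AWS's own tooling: Step 3 produces the role's trust policy (which account may call sts:AssumeRole) and Step 5 the IP-restricted permissions policy. The account ID, ExternalId and address ranges are placeholders; the IP format checks are the example's own rule (not a statement of what the IAM console accepts), and the permissions policy scopes Action to a named list instead of "*".

```python
"""Trust and permission policies behind the cross-account role (Steps 3 and 5).
Added example, not AWS code: the account ID, ExternalId and IP ranges are
constructed placeholders, and the IP format checks are this example's own rule."""
import ipaddress
import re

def trust_policy(trusted_account_id: str, external_id: str = "") -> dict:
    """Step 3 trust policy: principals in the trusted account may call
    sts:AssumeRole. ExternalId (not in the tutorial) guards against confused-deputy use."""
    if not re.fullmatch(r"\d{12}", trusted_account_id):
        raise ValueError(f"account id must be 12 digits: {trusted_account_id!r}")
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"}}
    if external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def bad_source_ips(values) -> list:
    """aws:SourceIp values that are not a plain IPv4 address or CIDR; octets with
    leading zeros are rejected, so the tutorial's "182.74.123.000" is reported."""
    bad = []
    for v in values:
        host, _, prefix = v.partition("/")
        octets = host.split(".")
        if not (len(octets) == 4
                and all(re.fullmatch(r"0|[1-9]\d{0,2}", o) and int(o) <= 255 for o in octets)
                and (prefix == "" or (prefix.isdigit() and int(prefix) <= 32))):
            bad.append(v)
    return bad

def source_ip_policy(allowed, actions=("s3:ListBucket", "s3:GetObject"), resource="*"):
    """Step 5 policy with Action scoped to a list instead of "*"; every range is
    validated and a bare address becomes /32 so the intent is explicit."""
    bad = bad_source_ips(allowed)
    if bad:
        raise ValueError(f"malformed aws:SourceIp values: {bad}")
    cidrs = [str(ipaddress.ip_network(v, strict=False)) for v in allowed]
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowFromOfficeOnly", "Effect": "Allow", "Action": list(actions),
        "Resource": resource, "Condition": {"IpAddress": {"aws:SourceIp": cidrs}}}]}

def source_ip_allowed(policy: dict, source_ip: str) -> bool:
    """Offline check of the IpAddress condition alone, not a full IAM evaluation."""
    ip = ipaddress.ip_address(source_ip)
    for st in policy["Statement"]:
        ranges = st.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", [])
        ranges = ranges if isinstance(ranges, list) else [ranges]
        if st["Effect"] == "Allow" and any(ip in ipaddress.ip_network(r) for r in ranges):
            return True
    return False
```

Run `bad_source_ips` over the condition values of an existing policy before attaching it; `source_ip_allowed` only evaluates the IP condition and says nothing about Action or Resource.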


