IAM Switch to another account role
Log in to AWS from the account whose resources you want to share with others.
Create Role
- IAM -> Role -> Create Role
- Trusted Entity Type -> AWS account
- AWS account ID: the 12-digit ID of the account that will be allowed to assume the role
- Options -> leave blank
- Permission -> Search AmazonS3ReadOnlyAccess
- Role name: S3readonly
- Check Step 1
- Check Step 2
Create Policy
- Go to Policy
- Create Policy
- Select STS
- Actions allowed: AssumeRole
- Resources -> Add Arn
- Other account: the 12-digit ID of the account that owns the role; resource: role/S3readonly
- role arn:aws:iam
- Select Policy -> Actions -> Attach
- Attach Policy
Create Group
- Create Group
- User group name: AssumeRoleGroup
- Add users to group
- Attach permissions policies
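As an added example (not part of the original notes), the two policy documents that the Create Role and Create Policy steps above produce, built and checked in Python. The account IDs 111111111111 and 222222222222 are constructed placeholders, the role name S3readonly is the one used above, and the final check flags the two settings that would make this setup over-permissive: a wildcard principal in the trust policy or an AssumeRole policy not scoped to one role ARN.

```python
import json
import re

# Constructed sample values, not from the page: 111111111111 owns the S3 data
# and the role; users in 222222222222 switch into it. Role name is the page's.
TRUSTING_ACCOUNT = "111111111111"
TRUSTED_ACCOUNT = "222222222222"
ROLE_NAME = "S3readonly"

def check_account(account_id: str) -> str:
    """The console's 'AWS account ID (12 digits)' field, enforced."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError(f"not a 12-digit AWS account ID: {account_id!r}")
    return account_id

def trust_policy(trusted_account_id: str) -> dict:
    """Role trust policy ('Trusted entity type -> AWS account'): only
    principals in the trusted account may call sts:AssumeRole."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{check_account(trusted_account_id)}:root"},
        "Action": "sts:AssumeRole"}]}

def assume_role_policy(trusting_account_id: str, role_name: str) -> dict:
    """Identity policy for AssumeRoleGroup in the trusted account
    ('Select STS -> AssumeRole -> Add ARN'), scoped to exactly one role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": f"arn:aws:iam::{check_account(trusting_account_id)}:role/{role_name}"}]}

def least_privilege_findings(trust: dict, assume: dict) -> list:
    """Flag the two usual over-permissive mistakes in this setup."""
    findings = []
    for st in trust["Statement"]:
        if st.get("Principal") in ("*", {"AWS": "*"}):
            findings.append("trust policy lets any AWS principal assume the role")
    for st in assume["Statement"]:
        res = st.get("Resource", [])
        for r in ([res] if isinstance(res, str) else res):
            if r == "*" or r.endswith(":role/*"):
                findings.append("assume-role policy is not scoped to one role ARN")
    return findings

if __name__ == "__main__":
    trust, assume = trust_policy(TRUSTED_ACCOUNT), assume_role_policy(TRUSTING_ACCOUNT, ROLE_NAME)
    print(json.dumps(trust, indent=2), json.dumps(assume, indent=2), sep="\n")
    print("findings:", least_privilege_findings(trust, assume) or "none")
```

The first document goes on the role in the account that owns the S3 data; the second is the customer managed policy attached to AssumeRoleGroup in the other account.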
Switch role
- Go to the other account, the one whose users want to switch role
- Switch Role -> Switch Role
- Enter the original account ID and the role name (S3readonly)
- Switch Role Result
- Check S3
- When you have finished working, you can switch back to your own account
This account
- If you are going to switch to another role within your own account, you only need to select "This account" as the trusted entity type when you create the role.