IAM Switch to another account role
Log in to AWS from the account whose resources you want to share with the other account.

Create Role

  1. IAM -> Roles -> Create role
  2. Trusted entity type -> AWS account
  3. Enter the other account's 12-digit AWS account ID
  4. Options -> leave blank
  5. Permissions -> search for and select AmazonS3ReadOnlyAccess
  6. Role name: S3readonly
  7. Review steps 1 and 2, then create the role

Create Policy

Create this policy in the account whose users will switch into the role; it grants them sts:AssumeRole on the S3readonly role.

  1. Go to Policies
  2. Create policy
  3. Select the STS service
  4. Actions allowed: AssumeRole
  5. Resources -> Add ARN
  6. Other account: the 12-digit account ID; ARN: role/S3readonly
  7. The resulting role ARN has the form arn:aws:iam::<account-id>:role/S3readonly
  8. Select the policy -> Actions -> Attach
  9. Attach the policy to the group
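The two console sections above each produce one JSON document: the trust policy on the S3readonly role (who may assume it) and the identity policy attached to the group (what the group's users may assume). The following is an added example, not code from the original page, that builds both documents, derives the role ARN, and flags the two wildcard mistakes a reviewer looks for. The account IDs are constructed placeholders.

```python
"""Build the IAM documents behind the console steps above.

Added example (not from the original page): the trust policy for the
S3readonly role in the resource-owning account, and the identity policy
that lets users in the other account call sts:AssumeRole on it.
Account IDs below are constructed placeholders, not real accounts.
"""
import json
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def validate_account_id(account_id: str) -> str:
    """AWS account IDs are exactly 12 digits; reject anything else early."""
    if not ACCOUNT_ID_RE.fullmatch(account_id):
        raise ValueError(f"invalid AWS account ID: {account_id!r}")
    return account_id


def role_arn(account_id: str, role_name: str) -> str:
    """ARN of an IAM role: arn:aws:iam::<account-id>:role/<name>
    (IAM is global, so the region field between the colons is empty)."""
    return f"arn:aws:iam::{validate_account_id(account_id)}:role/{role_name}"


def trust_policy(trusted_account_id: str) -> dict:
    """Trust policy (console: 'Trusted entity type: AWS account').
    The principal is the trusted account's root, which means any IAM
    identity in that account that itself has sts:AssumeRole on this role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {
                "AWS": f"arn:aws:iam::{validate_account_id(trusted_account_id)}:root"
            },
            "Action": "sts:AssumeRole",
        }],
    }


def assume_role_policy(target_account_id: str, role_name: str) -> dict:
    """Identity policy attached to the group in the trusted account
    (console: service STS, action AssumeRole, resource = the role ARN)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": role_arn(target_account_id, role_name),
        }],
    }


def wildcard_findings(doc: dict) -> list:
    """Flag the two mistakes reviewers look for: a trust policy that
    trusts every AWS principal, or an identity policy that allows
    assuming any role. Returns human-readable findings (empty = clean)."""
    findings = []
    for i, st in enumerate(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if aws == "*" or (isinstance(aws, list) and "*" in aws):
            findings.append(f"statement {i}: Principal AWS='*' trusts every AWS account")
        resource = st.get("Resource")
        if resource == "*" or (isinstance(resource, list) and "*" in resource):
            findings.append(f"statement {i}: Resource '*' allows assuming any role")
    return findings


if __name__ == "__main__":
    OWNER = "111111111111"    # constructed: account that owns the S3 data and the role
    TRUSTED = "222222222222"  # constructed: account whose users switch into the role
    print(json.dumps(trust_policy(TRUSTED), indent=2))
    print(json.dumps(assume_role_policy(OWNER, "S3readonly"), indent=2))
    print(wildcard_findings(trust_policy(TRUSTED)))  # [] : scoped to one account
```

Either document can be pasted into the console's JSON editor or passed to the CLI (`aws iam create-role --assume-role-policy-document file://trust.json`, `aws iam create-policy --policy-document file://assume.json`). The `wildcard_findings` check is the part worth keeping in a review pipeline: a trust policy whose `Principal` is `"*"`, or an assume-role policy whose `Resource` is `"*"`, silently turns a two-account handshake into a much wider grant.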

Create Group

  1. Create a user group
  2. User group name: AssumeRoleGroup
  3. Add users to the group
  4. Attach the permissions policy created above

Switch role

  1. Log in to the other account, the one whose users want to switch role
  2. Account menu -> Switch Role
  3. Enter the original account's ID and the role name (S3readonly)
  4. The switch role result shows the assumed role
  5. Check that S3 is accessible (read-only, per the attached policy)
  6. When you have finished working, switch back to your own account
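The switch only works because both sides agree: the user's own account grants sts:AssumeRole on the role ARN (the group policy), and the role's trust policy names the user's account (the "AWS account" trusted entity). The following added example, not part of the original page, is a small evaluator that mirrors that two-sided check so you can see why a user from an untrusted account, or a user without the group policy, is refused. All account IDs and ARNs are constructed placeholders.

```python
"""Why both sides must allow a cross-account role switch.

Added example (not from the original page): a minimal evaluator that
mirrors how AssumeRole is authorized. The call succeeds only if
(1) the caller's identity policy allows sts:AssumeRole on the target
role ARN, and (2) the role's trust policy names the caller's account.
All account IDs and ARNs are constructed placeholders.
"""
import fnmatch


def _as_list(v):
    return v if isinstance(v, list) else [v]


def identity_allows_assume(identity_policy: dict, target_role_arn: str) -> bool:
    """Does the caller's own identity policy allow sts:AssumeRole on this role?
    An explicit Deny wins over any Allow, as in IAM."""
    allowed = False
    for st in identity_policy.get("Statement", []):
        actions = _as_list(st.get("Action", []))
        if not any(fnmatch.fnmatch("sts:AssumeRole", a) for a in actions):
            continue
        resources = _as_list(st.get("Resource", []))
        if not any(fnmatch.fnmatch(target_role_arn, r) for r in resources):
            continue
        if st.get("Effect") == "Deny":
            return False
        allowed = True
    return allowed


def trust_allows_caller(trust_policy: dict, caller_arn: str) -> bool:
    """Does the role's trust policy accept this caller? An account-root
    principal (arn:aws:iam::<id>:root) matches any identity in that account."""
    caller_account = caller_arn.split(":")[4]
    for st in trust_policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        if not any(fnmatch.fnmatch("sts:AssumeRole", a) for a in _as_list(st.get("Action", []))):
            continue
        principal = st.get("Principal", {})
        principals = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else _as_list(principal)
        for p in principals:
            if p in ("*", caller_arn, f"arn:aws:iam::{caller_account}:root"):
                return True
    return False


def can_switch_role(identity_policy: dict, trust_policy: dict, caller_arn: str, target_role_arn: str) -> bool:
    """The switch succeeds only when both the identity side and the trust side allow it."""
    return identity_allows_assume(identity_policy, target_role_arn) and trust_allows_caller(trust_policy, caller_arn)


# Constructed sample: account 111... owns the S3 data and the role,
# account 222... is the trusted account whose users switch into it.
ROLE = "arn:aws:iam::111111111111:role/S3readonly"
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
    "Action": "sts:AssumeRole"}]}
GROUP_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE}]}
NO_POLICY = {"Version": "2012-10-17", "Statement": []}
ALICE = "arn:aws:iam::222222222222:user/alice"      # in the trusted account, in the group
MALLORY = "arn:aws:iam::333333333333:user/mallory"  # in a third account, not trusted

if __name__ == "__main__":
    print("alice  ->", can_switch_role(GROUP_POLICY, TRUST, ALICE, ROLE))    # True
    print("no grp ->", can_switch_role(NO_POLICY, TRUST, ALICE, ROLE))       # False
    print("mallory->", can_switch_role(GROUP_POLICY, TRUST, MALLORY, ROLE))  # False
```

The evaluator is deliberately much simpler than IAM's real logic (no conditions, no session policies, no service-control policies), but it captures the property the console walkthrough depends on: removing either the group policy or the trust entry is enough to block the switch, which is also what to check first when "Switch Role" fails with an access-denied error.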

This account

  1. To switch to another role within your own account, select "This account" as the trusted entity when you create the role.