Grant access across different AWS accounts using IAM roles. (AWS Cross Accounts & Assume Role)
ฝัง
- เผยแพร่เมื่อ 5 มี.ค. 2022
- Grant access across different AWS accounts using IAM roles. (AWS Cross Accounts & IAM Assume Role)
Today's video we are going to grant access across different AWS accounts using IAM roles. (AWS cross accounts.)
What you will learn:
you will learn how to grant access to resources from different AWS accounts using IAM roles.
How to share AWS resources from one account to users created in another account.
This way, you do not have to log out each time and log in to a different account when needed.
Instead of creating multiple accounts in all AWS accounts, we can use a single account and manage all the resources from all the different accounts.
Prerequisites for lab:
1. At least two AWS accounts
2. Create an IAM role in the target account to allow access to resources through the source account
3. create a user and group in the source account
4. allow the group in the source account to assume the IAM role in the target account by creating an IAM policy
5. test by switching accounts.
IAM is a service that allows you to control the access and permissions that users are allowed to manage AWS resources. With IAM, we can create users, groups, and access control policies to control who can use AWS resources.
Thank you for this video. Really helped me.
Hi , very helpful video. I have one question. is it possible to grant access to different aws account using only roles. Without using users. I am trying to read data from account B using AWS glue in Account A. Is this possible?
can we access aws secreteManager/aws parameter store from cross account? any helpful video ca you please upload?
Just a minor knock on your content given your teaching others, you should avoid using your root account and also use an external ID when using a cross account role.