@startuml
' Configuration 3 of the S3/Redshift setup: the EC2 instance lives in a
' separate AWS account (AWS-2) and reaches the bucket in AWS-1 only by
' assuming a cross-account role. Two principals touch the bucket:
'   - EC2 (AWS-2)  -> assumes s3-write-role (AWS-1) -> writes to the bucket
'   - Redshift     -> role-1 (AWS-1, service role)  -> reads from the bucket
title Configuration 3: EC2 in its own AWS Account
' Account that owns the bucket, the write role and the Redshift role.
package AWS-1 {
' Cross-account write role. NOTE(review): the trust is drawn at account
' granularity ("trust: AWS-2"), so the role is assumable by whichever
' principals in AWS-2 are granted sts:AssumeRole on it, not only role-2.
' If only the EC2 role should assume it, the trust principal would be the
' role ARN (of the form arn:aws:iam::AWS-2:role/role-2, constructed from the
' names in this diagram) instead of the account; confirm against the actual
' trust policy. The body of s3-write-policy is not shown here; it should be
' scoped to the bucket below.
component c2 [
Role: s3-write-role
trust: AWS-2
policy: s3-write-policy
]
' The bucket both roles operate on.
frame S3 {
[bucket]
}
' Redshift service role: trusted by the redshift.amazonaws.com service
' principal, same account as the bucket, so no cross-account hop is needed
' on the read path. The body of s3-read-policy is not shown.
frame Redshift {
component c4 [
Role: role-1
trust: redshift.amazonaws.com
policy: s3-read-policy
]
}
}
' Account that hosts the EC2 instance.
package AWS-2 {
frame EC2 {
' Instance role. The inline policy is abbreviated in the diagram: only the
' Action and Resource of the AssumeRole statement are listed (presumably
' with "Effect": "Allow"); it permits assuming exactly the AWS-1 write role
' and nothing else.
component c3 [
Role: role-2
trust: ec2.amazonaws.com
inline policy:
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::AWS-1:role/s3-write-role"
]
}
}
' role-2 (EC2, AWS-2) assumes s3-write-role (AWS-1).
[c2] <-- [c3]
' Values as they would be entered for this configuration; the S3 write
' side is given as the cross-account role ARN, the Redshift side by
' account ID and role name, and the separate "S3 Read" role is left empty
' here.
legend top
S3 Write = arn:aws:iam::AWS-1:role/s3-write-role
Redshift AWS Account ID = AWS-1
Redshift IAM Role Name = role-1
S3 Read = (empty)
endlegend
@enduml