...
In this article
| Table of Contents | ||||
|---|---|---|---|---|
|
Prerequisites
- Familiarity with the SnapLogic and AWS platforms.
- AWS Account with S3 buckets.
Key Steps
Creating a Cross Account IAM Role and Policy in AWS Account
...
Overview
The Cross-Account IAM Role enables a client from an AWS account to access the resources of another AWS account temporarily using the
...
Snaps that support
...
Cross IAM role functionality. This helps organizations or different teams in an organization to access each other's AWS
...
accounts without compromising security by sharing AWS credentials.
You can briefly allow access to your AWS account and specify the access duration. You must create a role and policy in your AWS account. The policy created by the host is attached to the access seeker's account. This
...
Cross-Account IAM role enables SnapLogic to trigger the necessary APIs.
Prerequisites
Familiarity with the SnapLogic and AWS platforms.
AWS Account with S3 buckets.
Key Steps
Create a Cross-Account IAM Role and Policy in AWS Account
Log in to the AWS Management Console and
...
navigate to IAM > Roles.
...
Click Create role > Another AWS Account.
...
Specify the account ID for the other account
...
that will access your account.
...
...
Enter the account number of the access
...
seeker in the Account ID field
...
. For more information, refer to https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-identifiers.html.
Optionally, add an additional security layer to authenticate for each login by checking the Options check box
...
next to Require external ID
...
.
...
...
Click Next: Permissions.
...
When the Attach permission policies screen displays
...
where you can set the permissions
...
, select the checkbox next to the applicable policy for this role.
...
Optionally, as appropriate add tags. Click Next: Tags
...
to skip to the next screen.
Click Next: Review to skip to
...
the next screen.
Review the information displayed and add a name for the role. Click Create role.
The Summary page displays the Amazon Resource Name number. Make a note of this ARN, as you will need it when completing the AWS IAM Role account settings.
...
| Info |
|---|
Learn more at https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html |
| Code Block |
|---|
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Principal": {
"AWS": "222520180446"
},
"Condition": {
"StringEquals": {
"sts:ExternalId": "snaplogic"
}
}
}
]
}
|
Associate the IAM Policy with the Created Role
...
In
...
the AWS console, click Users and select the user name which is listed in the table.
...
On the Summary screen, select the desired user and click Add inline policy to attach the policy.
...
Click the JSON tab and
...
enter the details of the policy in the editor
...
, and Click Review Policy.
...
Review the policy summary. Add a name and, optionally, a description for this policy, and click Create policy.
The policy is created and can now be assigned to the cross-account IAM role.
Code Block { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "<Role ARN>" } ] }
...
| Note |
|---|
The Role ARN is displayed on the summary tab when the role is created. |
Account Settings for Access Through SnapLogic
You can configure the
...
Cross-Account IAM Role
...
for S3 Account or S3 Dynamics Account. Enter the credentials provided
...
for the IAM role. Enter Role ARN and External ID (if
...
set up by the host) provided from the host S3 account.
Steps
- Enter the Access-key ID, Secret key of the host S3 account. The credentials should belong to the IAM user we attached policy in the last section.
OR
...
For an account used in EC2
...
Groundplex with an IAM role configured, select the IAM role check box.
...
Specify the Role ARN and External ID provided by the S3 host account.
...
Related Content