A cross-account IAM role enables a client in one AWS account to temporarily access the resources of another AWS account using the Binary Snaps that support reading from and writing to S3 buckets. This lets organizations, or teams within an organization, access each other's AWS accounts without compromising security by sharing AWS credentials.
You can allow access to your AWS account temporarily and specify the access duration. To do so, you must create a role and a policy in your AWS account. The policy created by the host is attached to the access seeker's account. This cross-account IAM role enables SnapLogic to trigger the necessary APIs.
Steps
Click the JSON tab, enter the following policy in the editor, and then click Review policy.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "<Role ARN>"
        }
      ]
    }

4. Review the policy summary. Add a name and, optionally, a description for this policy, and then click Create policy.
The policy is created and can be assigned to the cross-account IAM role.
You can configure the cross-account IAM role in the Amazon SQS Account. Enter the credentials provided for the IAM role. Enter the Role ARN and External ID (if set up by the host) provided from the host S3 account.
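The following is an added example, not part of the original page or of SnapLogic's code: a small offline check that the sts:AssumeRole policy above is pinned to one role ARN, and that the host role's trust policy names a specific principal and requires the External ID. The trust policy document, account IDs, role name, External ID value and function names are assumptions constructed for illustration.

```python
import json

# Constructed samples: account IDs, role name and External ID are placeholders.
PERMISSION_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                "Resource": "arn:aws:iam::111122223333:role/example-cross-account-role"}]}
""")
TRUST_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
                "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
""")


def as_list(value):
    """IAM accepts a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def assume_role_allows(policy):
    """Yield the Allow statements that name sts:AssumeRole explicitly."""
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "sts:AssumeRole" in as_list(stmt.get("Action", [])):
            yield stmt


def audit_permission_policy(policy):
    """Flag sts:AssumeRole grants whose Resource is not one specific role ARN."""
    findings = []
    for stmt in assume_role_allows(policy):
        for res in as_list(stmt.get("Resource", [])):
            if "*" in res or not res.startswith("arn:") or ":role/" not in res:
                findings.append(f"Resource is not a single role ARN: {res}")
    return findings


def audit_trust_policy(policy):
    """Flag trust statements with a wildcard principal or no External ID condition."""
    findings = []
    for stmt in assume_role_allows(policy):
        principal = stmt.get("Principal", {})
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append("Principal is a wildcard")
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:externalid" not in {key.lower() for key in string_equals}:
            findings.append("No sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    print(audit_permission_policy(PERMISSION_POLICY), audit_trust_policy(TRUST_POLICY))
```

An unfilled "<Role ARN>" placeholder is reported the same way as a wildcard, so the check also catches a policy that was saved without the host's ARN substituted in.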