How to Assume Role across Accounts in AWS

If you need to assume a role across AWS accounts, or allow one account to assume a role and use resources in another AWS account, you need to create a role and attach the following policies.

The following two (2) steps create a trust relationship between the accounts.

Step 1 – In the Source Account

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "sts:AssumeRole"
    ],
    "Resource": [
      "arn:aws:iam::DESTINATION-ACCOUNT-ID:role/DESTINATION-ROLENAME"
    ]
  }]
}

Step 2 – In the Destination Account

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {
      "AWS": "arn:aws:iam::SOURCE-ACCOUNT-ID:role/SOURCE-USERNAME"
    },
    "Action": "sts:AssumeRole"
  }]
}
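
A consistency check for the two policies above, as an added example that is not part of the original post: it verifies that the Step 1 policy covers the destination role and that the Step 2 policy names the source principal, and flags wildcards and account-wide trust. The account IDs, role names and the function `check_pair` are constructed for illustration; only Allow statements are read, and Deny statements and Condition keys are not evaluated.

```python
from fnmatch import fnmatchcase

# Constructed sample values: the account IDs and role names are placeholders.
SRC = "arn:aws:iam::111111111111:role/app-role"
DST = "arn:aws:iam::222222222222:role/deploy-role"
SOURCE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sts:AssumeRole"], "Resource": [DST]}]}
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": SRC}, "Action": "sts:AssumeRole"}]}

def _as_list(value):
    # IAM accepts either a single string or a list in these fields.
    return value if isinstance(value, list) else [value]

def _assume_role_statements(policy):
    # Yield Allow statements whose Action covers sts:AssumeRole (case-insensitive).
    for stmt in _as_list(policy["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") == "Allow" and any(
                fnmatchcase("sts:assumerole", a.lower()) for a in actions):
            yield stmt

def check_pair(source_policy, trust_policy, source_arn, dest_role_arn):
    """Return findings for the Step 1 / Step 2 pair; an empty list means they line up."""
    findings = []
    # Step 1 (source account): the permissions policy must cover the destination role.
    resources = [r for s in _assume_role_statements(source_policy)
                 for r in _as_list(s.get("Resource", []))]
    if not any(fnmatchcase(dest_role_arn, r) for r in resources):
        findings.append("step1: no Allow for sts:AssumeRole on " + dest_role_arn)
    if any("*" in r for r in resources):
        findings.append("step1: wildcard Resource also covers other roles")
    # Step 2 (destination account): the trust policy must name the source principal.
    principals = []
    for s in _assume_role_statements(trust_policy):
        p = s.get("Principal", {})
        principals += _as_list(p.get("AWS", [])) if isinstance(p, dict) else [p]
    account_root = ":".join(source_arn.split(":")[:5]) + ":root"
    if "*" in principals:
        findings.append("step2: Principal '*' trusts every AWS principal")
    elif account_root in principals:
        findings.append("step2: whole source account is trusted, not only " + source_arn)
    elif source_arn not in principals:
        findings.append("step2: trust policy does not name " + source_arn)
    return findings

if __name__ == "__main__":
    print(check_pair(SOURCE_POLICY, TRUST_POLICY, SRC, DST) or "pair is consistent")
```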
