Using Cross Account Access for multiple AWS Accounts
Normally, we sign in to each AWS Console with that account's customized IAM sign-in link. For 1 or 2 accounts that is acceptable. With a much larger number it becomes difficult: you end up switching to private browsing or juggling multiple browsers, and handling all the accounts and their credentials gets complex, because each AWS account has its own IAM users, groups, and roles, so user management grows with every account. This tutorial focuses on setting up Cross Account Access via the AWS Console (or AWS GUI, as some might prefer).
I’ll be assuming the below variables in this blog post:
Main AWS Account ID: 1111111111
3rd Party AWS Account ID: 2222222222
In simpler terms, we will be using the IAM users of 1111111111 to access the resources of 2222222222.
Sounds easy? Let’s get started.
Log in to the 2222222222 account Console and create an IAM role that lets 1111111111 IAM users access resources of the 2222222222 account.
Choose Role for Cross-Account Access and select “Provide access between AWS accounts you own”. Use ReadOnly access for testing purposes.
Enter the Account ID of the main account, which is 1111111111, and proceed.
Finish the role creation wizard.
Now log in to the 1111111111 account and click the username with account ID in the top right corner of the webpage. Click “Switch Role”.
Click Switch Role, enter the values accordingly, and proceed.
The page will refresh to the AWS Console Dashboard, with a change (with color) in the top right corner of the webpage.
Verify the access by opening a service currently in use.
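Who can switch into the role created in 2222222222 is decided by the role's trust policy. The Python below is an added example, not part of the original post: it audits a trust policy for principals outside the accounts you expect and for whole-account trust without MFA. The sample policy is constructed (assumed to match the root-principal form the console wizard produces), and the name audit_trust_policy is hypothetical.

```python
import re

MAIN_ACCOUNT = "1111111111"  # the post's placeholder; real AWS account IDs have 12 digits

# Constructed sample: trust policy on the role in 2222222222 that trusts the main account.
WIZARD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{MAIN_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
    }],
}

def _as_list(value):
    # IAM JSON allows a single value or a list in most positions.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_accounts):
    """Return findings for a role trust policy; an empty list means nothing flagged."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        # Only the plain form {"Bool": {"aws:MultiFactorAuthPresent": "true"}} is recognised.
        mfa = any(k.lower() == "aws:multifactorauthpresent" and str(v).lower() == "true"
                  for block in stmt.get("Condition", {}).values()
                  for k, v in block.items())
        for p in aws:
            if p == "*":
                findings.append("wildcard principal: any AWS account can assume this role")
                continue
            m = re.fullmatch(r"(?:arn:aws:iam::)?(\d+)(?::(.+))?", p)
            account, resource = (m.group(1), m.group(2) or "root") if m else (None, None)
            if account not in expected_accounts:
                findings.append(f"unexpected trusted principal: {p}")
            elif resource == "root" and not mfa:
                findings.append(f"account {account} trusted as a whole (root principal) without an MFA condition")
    return findings

if __name__ == "__main__":
    for finding in audit_trust_policy(WIZARD_TRUST_POLICY, {MAIN_ACCOUNT}):
        print(finding)
```

A root principal delegates to the whole trusted account, so which IAM users in 1111111111 may switch roles is then controlled by their own sts:AssumeRole permissions.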
Using Cross Account access for multiple accounts removes the hassle of maintaining multiple accounts and their credentials.
Comments are welcome. Cheers.