Using AWS CLI with Cross Account Access

In my earlier blog post HERE, I described how to use the AWS Console with Cross Account Access.

However, that covered AWS Console access only, not the AWS CLI. In this blog post, I describe how to access AWS resources from the AWS CLI using Cross Account Access.

Testing

For testing purposes, I have already created a role named cc-access in the parent AWS account. To make things simpler, the image below shows the contents of my .aws/config and .aws/credentials files. I hope you get the gist.

In the above image,

  • Two profiles, viz., default and testaccount, are created.
  • default is the parent account.
  • testaccount is the account which has cross account access to the default account.
  • The role_arn line has to be edited as follows:
    • role_arn = arn:aws:iam::123456789012:role/cc-access (where 123456789012 is the account ID of testaccount)
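
As an added example (not the author's actual files, which were only shown in the image): a constructed pair of config and credentials files matching the profiles listed above, with a small Python check that the role profile can resolve credentials. The `source_profile` layout, the region, the placeholder keys and the `check_profile` helper are assumptions made for this example.

```python
import configparser
import re

# Constructed sample files (placeholder keys, not real credentials).
SAMPLE_CONFIG = """
[default]
region = us-east-1

[profile testaccount]
role_arn = arn:aws:iam::123456789012:role/cc-access
source_profile = default
"""

SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id = AKIAEXAMPLEPLACEHOLDER
aws_secret_access_key = EXAMPLE-PLACEHOLDER-SECRET
"""

ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/([\w+=,.@/-]+)$")


def check_profile(config_text, credentials_text, profile):
    """Return (account_id, role_name, source_profile) or raise ValueError."""
    config = configparser.ConfigParser()
    config.read_string(config_text)
    creds = configparser.ConfigParser()
    creds.read_string(credentials_text)

    # In ~/.aws/config every profile except default is "[profile NAME]".
    section = "default" if profile == "default" else f"profile {profile}"
    if not config.has_section(section):
        raise ValueError(f"no section [{section}] in config")
    role_arn = config.get(section, "role_arn", fallback=None)
    match = ROLE_ARN.match(role_arn or "")
    if not match:
        raise ValueError(f"{profile}: role_arn missing or malformed")
    # Assumption: the role is assumed via source_profile (not credential_source).
    source = config.get(section, "source_profile", fallback=None)
    if source is None:
        raise ValueError(f"{profile}: no source_profile to assume the role with")
    # Assumption: the source profile keeps long-term keys in ~/.aws/credentials.
    if not creds.has_option(source, "aws_access_key_id"):
        raise ValueError(f"source profile {source!r} has no access key")
    return match.group(1), match.group(2), source


if __name__ == "__main__":
    print(check_profile(SAMPLE_CONFIG, SAMPLE_CREDENTIALS, "testaccount"))
```
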

Checking output

  1. Output 1 (Parent Account)

    aws s3 ls

  2. Output 2 (testaccount Account)

    aws s3 ls --profile testaccount


Please comment in case I have missed anything. The above setup works properly for me; it might differ in your case (or maybe not).

Enjoy !!
