How do I allow users or roles in a separate AWS account access to my AWS account?
Here are the steps:
- Log in to an AWS account as a user that has admin privileges.
- Navigate to the IAM console.
- Select Roles under Access management and click Create role.
- Choose the “AWS account” option, then select “Another AWS account”.
- Enter Block 64’s Account ID, 440496705373, and click Next.
- Make sure the Require external ID and Require MFA options are not selected.
- Under Permissions policies, search for “AmazonEC2ReadOnlyAccess” and select that policy.
- Enter the role name and click 'Create Role'.
- After creating the role, select it and navigate to the Trust relationships tab.
- Click Edit Trust Policy and replace the AWS ARN present with “arn:aws:iam::440496705373:user/aws-tenant-inventory”, then click the update button.
- Save changes.
- Copy the ARN shown in the Summary section of the page and paste it into the AWS inventory credentials.
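The effect of the Edit Trust Policy step can be checked offline. The following is an added example, not part of the original steps or any Block 64 tooling: it audits a role trust policy before and after the principal is narrowed to the single user ARN. The sample policy is constructed to match what the console wizard writes for "Another AWS account", and the function names are hypothetical.

```python
import copy
import json

# Values from the steps above.
ACCOUNT_ID = "440496705373"
USER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:user/aws-tenant-inventory"

# Constructed sample: trust policy as the console wizard writes it for the
# "AWS account" / "Another AWS account" choice (account root principal).
WIZARD_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"AWS": "arn:aws:iam::440496705373:root"},
                "Action": "sts:AssumeRole",
                "Condition": {}}]}
""")

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def restrict_to_user(policy, user_arn=USER_ARN):
    """Mirror the Edit Trust Policy step: replace every principal with one user ARN."""
    edited = copy.deepcopy(policy)
    for stmt in edited["Statement"]:
        stmt["Principal"] = {"AWS": user_arn}
    return edited

def audit_trust_policy(policy, expected_arn=USER_ARN):
    """Return findings; an empty list means only expected_arn may assume the role."""
    findings, seen = [], False
    for stmt in policy["Statement"]:  # assumes Statement is a list, as in the sample
        if stmt.get("Effect") != "Allow":
            continue
        if as_list(stmt.get("Action", [])) != ["sts:AssumeRole"]:
            findings.append(f"unexpected action: {stmt.get('Action')}")
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in as_list(values):
                if kind == "AWS" and value == expected_arn:
                    seen = True
                elif value == "*":
                    findings.append("wildcard principal")
                elif kind == "AWS" and (value.endswith(":root") or value.isdigit()):
                    findings.append(f"account-wide principal: {value}")
                else:
                    findings.append(f"unexpected principal: {kind}={value}")
    if not seen:
        findings.append(f"missing expected principal: {expected_arn}")
    return findings
```

To check a live role, pass the function the `AssumeRolePolicyDocument` returned by `aws iam get-role` for the role created above.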