How do I allow users or roles in a separate AWS account access to my AWS account?
Here are the steps:

- Log in to an AWS account using a user that has admin privileges.
- Navigate to the IAM console.
- Select "Roles" under Access Management and click "Create role".
- Choose the "AWS account" option and then select the "Another AWS account" option.
- Enter Block 64's Account ID, 440496705373, and click "Next".
- Make sure the "Require external ID" and "Require MFA" options are not selected.
- Under Permissions policies, search for "AmazonEC2ReadOnlyAccess" and select that policy.
- Add the role name and click the "Create role" option.
- After creating the role, select the created role and navigate to the "Trust relationships" tab.
- Click "Edit trust policy" and replace the AWS ARN present in the policy with "arn:aws:iam::440496705373:user/aws-tenant-inventory", then click the Update button to save the changes.
- Copy the role ARN from the Summary section of the page and paste it into the AWS inventory credentials.
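As an added example that is not part of the original instructions: the trust policy the role ends up with after the Edit trust policy step, written out as JSON, plus a small check (helper names are my own) that confirms the policy trusts only the named Block 64 inventory user and allows nothing beyond sts:AssumeRole. It flags the account-level principal (arn:aws:iam::440496705373:root) that the "Another AWS account" wizard inserts before the ARN is replaced; the same JSON can also be supplied with `aws iam create-role --assume-role-policy-document file://trust.json` instead of editing it in the console.

```python
import json

# Values taken from the steps above (Block 64's account and inventory user).
BLOCK64_ACCOUNT_ID = "440496705373"
INVENTORY_PRINCIPAL = f"arn:aws:iam::{BLOCK64_ACCOUNT_ID}:user/aws-tenant-inventory"
READONLY_POLICY_ARN = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"


def build_trust_policy(principal_arn: str = INVENTORY_PRINCIPAL) -> dict:
    """Trust policy equivalent to the result of the Edit trust policy step:
    only the named IAM user may call sts:AssumeRole on this role."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": principal_arn},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def check_trust_policy(doc: dict, expected_principal: str = INVENTORY_PRINCIPAL) -> list:
    """Review a trust policy; return a list of findings (empty means it matches
    the intended scope). Catches hand-editing mistakes: a wildcard or
    account-wide principal, or an action broader than sts:AssumeRole."""
    findings = []
    for i, stmt in enumerate(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append(f"statement {i}: wildcard principal")
            continue
        aws = principal.get("AWS", [])
        for p in [aws] if isinstance(aws, str) else aws:
            if p != expected_principal:
                findings.append(f"statement {i}: unexpected principal {p}")
        actions = stmt.get("Action", [])
        for a in [actions] if isinstance(actions, str) else actions:
            if a != "sts:AssumeRole":
                findings.append(f"statement {i}: unexpected action {a}")
    return findings


if __name__ == "__main__":
    policy = build_trust_policy()
    print(json.dumps(policy, indent=2))  # paste into the trust policy editor
    print("findings:", check_trust_policy(policy) or "none")
```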