Create a Role for multiple accounts

Consider you have 3 AWS accounts (Normal account under which we are supposed to launch Kumolus application - production environment, 1 for backup and 1 for consolidated billing). To grant permission of others accounts we need to perform following steps:

Login to your 3 accounts, and perform following steps for each one of them.

Access the IAM service as showed in picture below:

Once you are in IAM service administration click on Roles at the left menu

Then click on blue button labeled Create New Role

Set a name for your new role and click on Next Step

  • Consolidate Billing Accounts

  • Backup Accounts

  • Normal Accounts

Select the Role Type as Provide access between AWS accounts you own in Role for Cross-Account Access section and click on Select

Now enter the ID of the AWS account where Kumolus is running to be able to access this account and click on Next Step

In the next step you have to select one or more policies to attach to your role, but it will depends on the function of your account. If your account assume more than one role you can choice all of them that are applicable then click on Next Step

  • Consolidated Billing Account

  • Backup Accounts

  • Normal Accounts

Now you review the details of your new role. It is very important copy the Role ARN before you click on Create Role to finish.

  • Consolidated Billing Account

  • Backup Accounts

  • Normal Accounts

results matching ""

    No results matching ""