Create a Role for multiple accounts

Consider you have 3 AWS accounts (Normal account under which we are supposed to launch Kumolus application - production environment, 1 for backup and 1 for consolidated billing). To grant permission of others accounts we need to perform following steps:

Login to your 3 accounts, and perform following steps for each one of them.

Access the IAM service as showed in picture below:

Once you are in IAM service administration click on Roles at the left menu

Then click on blue button labeled Create Role

You will be prompted to provide the information as shown in the image below. Select "Another AWS Account" on the next screen.

Provide the Account ID for the additional account(s) you own, to allow Kumolus to access resources in the attached AWS account.

Next, you are required to attach policies to the Role. We can use the policies created in Create Policies and attach them to the newly created role. You can do this on the Permissions screen.

In the next step you have to select one or more policies to attach to your role, but it depends on the function of your account. If your account assumes more than one role, you can select all of the applicable policies and Click on Next: Review.

Consolidated Billing Account

Backup Account

Normal Accounts

On the next step, provide a Name and Description for the Role.

Review your Trusted Entities (other AWS Account) and policies for the Role and click on Create Role to finish.

Once created, you can filter the Role by name from the Role list on the IAM Console.

Click on the role to view details or edit it. Copy the Role ARN as it is required for Setting Cross-Account Access for Kumolus Application

results matching ""

    No results matching ""