Setting Cross-Account Access for Kumolus Application

Login to your account where Kumolus application is running and perform following steps

Access the IAM service as showed in picture below:

Once you are in IAM service administration click on Roles at the left menu

Filter by the name you had chosen for the role you had created in the step Create Role.

Then click on the role to view details and edit the policies, expand Inline Policies section and click on CLICK HERE.

In Set Permissions section choice the Custom Policy option and click on Select

Now you will need the Role ARN that you had copied earlier. Complete the fields as shown below and click on Validate Policy to check if everything is OK.

Content of Policy Document:

{

"Version":"2012-10-17",

"Statement": [

{

"Effect": "Allow",

"Action": [

"sts:AssumeRole"

],

"Resource": [

"arn:aws:iam::REMOTE_AWSID_ACCOUNT1:role/Kumolus-ConsolidatedBilling"

]

},

{

"Effect": "Allow",

"Action": [

"sts:AssumeRole"

],

"Resource": [

"arn:aws:iam::REMOTE_AWSID_ACCOUNT2:role/Kumolus-BackupAccount"

]

},

{

"Effect": "Allow",

"Action": [

"sts:AssumeRole"

],

"Resource": [

"arn:aws:iam::REMOTE_AWSID_ACCOUNT3:role/Kumolus-NormalAccount"

]

}

]

}

If you receive the message below, everything was good.

Then click on Apply Policy

Now your role has access for local and remote accounts.

Now you have a role for Kumolus Application has permission to access resources from other accounts.

results matching ""

    No results matching ""