Create Cross Account Roles

To aggregate the data present in the AWS accounts of an organization, the AWS Connector uses the AssumeRole functionality of AWS STS. With it, a single connector can retrieve data from several AWS accounts.

Create a cross-account role in each account to be read so that the IAM user or IAM role from the connector's AWS account can access the resources in that other AWS account.

Attach the following trust policy to the cross-account role. The principal list shows both forms; keep only the one that matches the authentication method you selected for the connector (the IAM role attached to the EC2 instance, or the IAM user), and replace the placeholders with your own account ID and role or user name.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::<IAM role AWS Account ID>:role/<IAM role associated with EC2 instance>",
          "arn:aws:iam::<IAM user AWS Account ID>:user/<IAM user name>"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

The trusted entity in the policy above is either the IAM user or the IAM role associated with the EC2 instance, depending on the authentication method selected for the connector.
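Editing the template above by hand is where most setup mistakes happen: an ARN left unquoted, the "OR" line left in the array, or a principal widened to "*" to make an error go away. The following Python script is an added example (not code from the original page or from the AWS Connector itself) that builds the trust policy for the chosen authentication method and checks a pasted policy for those mistakes before you apply it. The account ID, role name and user name in it are constructed placeholders, and the helper names (`principal_arn`, `trust_policy_json`, `check_trust_policy`) are this example's own. Note that the trust policy only decides who may assume the role; the permissions the connector actually receives come from the policies attached to the role, so those should be kept read-only and scoped to what the connector needs.

```python
import json
import re

# Constructed placeholders for this example; not values from the original page.
EXAMPLE_ACCOUNT_ID = "123456789012"
EXAMPLE_ROLE_NAME = "ConnectorInstanceRole"

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
# A single IAM role or user ARN; the account root or "*" deliberately do not match.
PRINCIPAL_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):(role|user)/([\w+=,.@/-]+)$")


def principal_arn(account_id: str, auth_method: str, name: str) -> str:
    """Return the ARN of the entity that will call sts:AssumeRole.

    auth_method selects between the two trust options from the page:
    'role' for the IAM role attached to the connector's EC2 instance,
    'user' for a named IAM user.
    """
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError(f"AWS account ID must be exactly 12 digits, got {account_id!r}")
    if auth_method not in ("role", "user"):
        raise ValueError("auth_method must be 'role' or 'user'")
    return f"arn:aws:iam::{account_id}:{auth_method}/{name}"


def trust_policy(principal: str) -> dict:
    """Build the trust (assume-role) policy document for one trusted principal."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": [principal]},
                "Action": "sts:AssumeRole",
            }
        ],
    }


def trust_policy_json(principal: str) -> str:
    """Serialise the policy as the JSON text that is pasted into the IAM console."""
    return json.dumps(trust_policy(principal), indent=2)


def check_trust_policy(text: str) -> list[str]:
    """Parse policy text and return the problems found (an empty list means it looks right).

    Catches the hand-editing mistakes: invalid JSON (unquoted ARNs, a stray 'OR'
    between alternatives), wrong policy version, an action other than
    sts:AssumeRole, and principals broader than a single IAM role or user.
    """
    problems: list[str] = []
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]

    if policy.get("Version") != "2012-10-17":
        problems.append("Version must be '2012-10-17'")

    statements = policy.get("Statement")
    if not isinstance(statements, list) or not statements:
        return problems + ["Statement must be a non-empty list"]

    for i, stmt in enumerate(statements):
        where = f"Statement[{i}]"
        if stmt.get("Effect") != "Allow":
            problems.append(f"{where}: Effect must be 'Allow'")
        actions = stmt.get("Action")
        if isinstance(actions, str):
            actions = [actions]
        if actions != ["sts:AssumeRole"]:
            problems.append(f"{where}: Action must be exactly 'sts:AssumeRole'")
        principal = stmt.get("Principal")
        principals = principal.get("AWS") if isinstance(principal, dict) else principal
        if isinstance(principals, str):
            principals = [principals]
        if not principals:
            problems.append(f"{where}: Principal.AWS is missing")
            continue
        for p in principals:
            if p == "*":
                problems.append(f"{where}: '*' would let any AWS account assume the role")
            elif not PRINCIPAL_ARN_RE.match(p):
                problems.append(f"{where}: {p!r} is not a single IAM role or user ARN")
    return problems


if __name__ == "__main__":
    arn = principal_arn(EXAMPLE_ACCOUNT_ID, "role", EXAMPLE_ROLE_NAME)
    text = trust_policy_json(arn)
    print(text)
    print("problems:", check_trust_policy(text) or "none")
```

Run it with the account ID and role or user name from your own environment; an empty problem list means the document is valid JSON and trusts exactly one role or user. The check flags "*" and the account root separately because both are accepted by IAM but trust far more than the connector needs.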