@kesslerdev
Last active October 29, 2019 16:24
Assume Role AWS #aws #assume #security #role

Assume Role AWS

  • Account 1 (security) with all users
  • Account 2 (prod) with no users

Goal: give a user in the security account access to a policy in the prod account, via a role that the user assumes.

On the security account

Create a policy and attach it to users directly or through a group:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1534164696001",
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole"
      ],
      "Resource": [
        "arn:aws:iam::{PROD_ACCOUNT_ID}:role/{PROD_ROLE_NAME}"
      ]
    }
  ]
}
```

On the prod account

Create a role with all the needed policies attached and the following trust relationship:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::{SECURITY_ACCOUNT_ID}:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}
```
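The two documents above only work together when the role ARN on the security side matches the role the trust policy is attached to on the prod side, and a `:root` principal in the trust policy means "anyone in the security account whose own IAM policies allow `sts:AssumeRole`". The script below is an added example, not part of the gist: it generates both policies from account IDs and a role name (the values in it are constructed placeholders), cross-checks a pair of documents for the usual mistakes (a role ARN missing the `role/` segment, a resource pointing at the wrong account, a wildcard principal), and optionally adds an `aws:MultiFactorAuthPresent` condition to the trust policy, which the gist's empty `Condition` does not do.

```python
"""Added example (not from the gist): build and cross-check the two policy documents
used for cross-account AssumeRole.  Account IDs and role name are constructed
placeholders; replace them with your own."""
import json
import re

SECURITY_ACCOUNT_ID = "111111111111"   # constructed: account holding the users
PROD_ACCOUNT_ID = "222222222222"       # constructed: account holding the role
PROD_ROLE_NAME = "SecurityTeamAccess"  # constructed: role name in prod

# IAM role ARNs always carry a "role/" segment before the (optionally path-prefixed) name.
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/([\w+=,.@/-]+)$")
ROOT_PRINCIPAL_RE = re.compile(r"^arn:aws:iam::(\d{12}):root$")


def role_arn(account_id, role_name):
    return f"arn:aws:iam::{account_id}:role/{role_name}"


def assume_role_policy(prod_account_id, prod_role_name):
    """Identity policy for the security account: permits AssumeRole on one prod role only."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowAssumeProdRole",
            "Effect": "Allow",
            "Action": ["sts:AssumeRole"],
            "Resource": [role_arn(prod_account_id, prod_role_name)],
        }],
    }


def trust_policy(security_account_id, require_mfa=False):
    """Trust relationship for the prod role.  The :root principal delegates the
    'who may assume' decision to IAM policies inside the security account; with
    require_mfa=True the caller must additionally have authenticated with MFA."""
    condition = {"Bool": {"aws:MultiFactorAuthPresent": "true"}} if require_mfa else {}
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{security_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": condition,
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_pair(identity_policy, trust, security_account_id, prod_account_id):
    """Cross-check the two documents; returns a list of findings (empty means consistent).
    Entries starting with 'warning:' are hardening hints rather than functional errors."""
    findings = []
    for stmt in identity_policy["Statement"]:
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        for res in _as_list(stmt.get("Resource", [])):
            m = ROLE_ARN_RE.match(res)
            if not m:
                findings.append(f"malformed role ARN (expected arn:aws:iam::<acct>:role/<name>): {res}")
            elif m.group(1) != prod_account_id:
                findings.append(f"resource targets account {m.group(1)}, not prod {prod_account_id}")
    for stmt in trust["Statement"]:
        principal = stmt.get("Principal", {})
        aws_principals = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for p in aws_principals:
            if p == "*":
                findings.append("trust policy admits any AWS principal")
                continue
            m = ROOT_PRINCIPAL_RE.match(p)
            if m and m.group(1) != security_account_id:
                findings.append(f"trust principal is account {m.group(1)}, not security {security_account_id}")
        if not stmt.get("Condition"):
            findings.append("warning: trust statement has no Condition (consider requiring MFA)")
    return findings


if __name__ == "__main__":
    ip = assume_role_policy(PROD_ACCOUNT_ID, PROD_ROLE_NAME)
    tp = trust_policy(SECURITY_ACCOUNT_ID, require_mfa=True)
    print(json.dumps(ip, indent=2))
    print(json.dumps(tp, indent=2))
    print("findings:", check_pair(ip, tp, SECURITY_ACCOUNT_ID, PROD_ACCOUNT_ID))
```

Once both documents are in place, a user in the security account obtains temporary prod credentials with `aws sts assume-role --role-arn arn:aws:iam::<PROD_ACCOUNT_ID>:role/<PROD_ROLE_NAME> --role-session-name <session-name>`; every API call made with those credentials is then logged in the prod account's CloudTrail under that role session, which is what makes the assumed-role pattern auditable.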