miyuki_samitani
Examined cross-account connectivity for AWS.

Pre-study image

What was it? I don't have a quick answer.
I think it was something about doing something with users of different accounts.

Research

What is AWS Cross Account Connectivity?

It lets one account handle the resources of two or more accounts.
When two or more accounts are involved, it is also called a multi-account connection.

You might think that all you need to do is log in to the other account.
However, depending on the environment, you may need to keep production and development in separate accounts, or to connect to another company's AWS account.
In such cases, a cross-account connection lets you connect simply by granting permissions to your existing account, without having to create a new one.

What kind of configuration will be used?

The use case is as follows.
User A exists in one account.
This user A needs to be able to connect to the production environment, the development environment, and another company's environment.
In each environment, configure an IAM role as follows:

  • Production environment
    • Assign user A read access to the production log bucket
  • Development environment
    • Assign user A read access to the development log bucket
  • Other company environment
    • Assign user A all EC2 operation privileges

Then user A, while remaining user A, only needs to switch roles to obtain read access to the production log bucket in the production environment, read access to the development log bucket in the development environment, and all EC2 operation privileges in the other company's environment.
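As an added illustration (not from the original post), the three roles of the use case above are written out here as IAM policy documents with placeholder account IDs and bucket names, together with a check a defender would run on each trust policy before attaching it: the trust must name user A specifically rather than the whole account, and the role in the other company's account additionally requires an sts:ExternalId condition (an AWS recommendation for third-party trusts that the post itself does not cover). The account ID, user name, bucket names and external ID are all constructed values.

```python
from typing import Optional

# Constructed placeholder values; not real AWS accounts or buckets.
HOME_ACCOUNT = "111111111111"                        # account where user A lives
USER_A_ARN = f"arn:aws:iam::{HOME_ACCOUNT}:user/userA"


def trust_policy(principal_arn: str, external_id: Optional[str] = None) -> dict:
    """Trust policy for a role in a target account: who may call sts:AssumeRole."""
    statement = {"Effect": "Allow", "Principal": {"AWS": principal_arn}, "Action": "sts:AssumeRole"}
    if external_id:
        # Third-party trust: the caller must also present the agreed ExternalId.
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def s3_read_policy(bucket: str) -> dict:
    """Permission policy: read-only access to a single log bucket."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
    }]}


def ec2_full_policy() -> dict:
    """Permission policy: all EC2 operations, as the use case grants in the other company's account."""
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}


def trust_policy_issues(policy: dict, expected_principal: str, require_external_id: bool) -> list:
    """Return a list of problems found in a trust policy; an empty list means it is acceptable."""
    issues = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {}).get("AWS", [])
        for p in principal if isinstance(principal, list) else [principal]:
            if p == "*" or p.endswith(":root"):
                issues.append("trusts a whole account or everyone instead of a single principal")
            elif p != expected_principal:
                issues.append(f"unexpected principal {p}")
        if require_external_id and "sts:ExternalId" not in stmt.get("Condition", {}).get("StringEquals", {}):
            issues.append("missing sts:ExternalId condition for third-party trust")
    return issues


# One (trust policy, permission policy) pair per environment of the use case.
ROLES = {
    "production": (trust_policy(USER_A_ARN), s3_read_policy("prod-log-bucket")),
    "development": (trust_policy(USER_A_ARN), s3_read_policy("dev-log-bucket")),
    "other-company": (trust_policy(USER_A_ARN, external_id="constructed-external-id"), ec2_full_policy()),
}
```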

Difference between switch roles and cross account connections

  • Cross account
    • Letting one account handle the resources of two or more accounts
  • Switch roles
    • Changing to another set of permissions (a role)
    • Commonly used to switch to a role in a different account when handling that account's resources
    • It is not about logging in to a different account, but about switching to a role in a different account

Image after study

Switching roles is not just a login.
