bitbull-serverless/iam-role-cross-account-access
IAM Role for cross account access

CloudFormation IAM

Create a role that can be assumed from another AWS account through the console's switch-role feature.

Created resources

Creates an IAM role with administrator permissions so that users from another AWS account can access this account.

Infrastructure Schema

Installation

Region Deploy Link
eu-west-1 Launch Stack in region eu-west-1
eu-west-3 Launch Stack in region eu-west-3
eu-central-1 Launch Stack in region eu-central-1
us-east-1 Launch Stack in region us-east-1
us-east-2 Launch Stack in region us-east-2

Using the SAM CLI:

sam build
sam deploy --guided

Including it in another SAM template:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  RoleAccountAccess:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: # pick a template URL from the "Public templates" section below, based on your region
      Parameters:
        RoleIdentifier: "CompanyName"
        AccountId: "123456789012" # quoted so a leading zero in the account ID is preserved

Public templates

Region Template URLs
eu-west-1 https://bitbull-serverless-templates-butoamoogh8eigo.s3.eu-west-1.amazonaws.com/iam-role-cross-account-access/template.yml
eu-west-3 https://bitbull-serverless-templates-oofiev6que5ooy3.s3.eu-west-3.amazonaws.com/iam-role-cross-account-access/template.yml
eu-central-1 https://bitbull-serverless-templates-saijuozaeshae6e.s3.eu-central-1.amazonaws.com/iam-role-cross-account-access/template.yml
us-east-1 https://bitbull-serverless-templates-chai7ephae5eet2.s3.us-east-1.amazonaws.com/iam-role-cross-account-access/template.yml
us-east-2 https://bitbull-serverless-templates-xae9och1eipiem8.s3.us-east-2.amazonaws.com/iam-role-cross-account-access/template.yml

Parameters

This application needs the following parameters when you deploy it:

  • RoleIdentifier: Identifier appended to the end of the name of the role.

  • AccountId: The ID of the AWS account to be granted access.

Outputs

  • RoleArn: The ARN of the created role, to be shared with whoever needs to assume it.
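As an added illustration (not the project's own template), the following CloudFormation template exposes the same RoleIdentifier and AccountId parameters and RoleArn output described above and shows what a cross-account administrator role with a tightly scoped trust policy looks like. The role name format, the 12-digit AllowedPattern, the one-hour session limit and the MFA condition on the trust policy are assumptions of this example.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Illustrative cross-account access role (example, not the project's template)

Parameters:
  RoleIdentifier:
    Type: String
    Description: Identifier appended to the end of the role name
  AccountId:
    Type: String
    Description: ID of the AWS account whose principals may assume the role
    AllowedPattern: '^[0-9]{12}$'   # reject anything that is not a 12-digit account ID

Resources:
  CrossAccountAccessRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub 'CrossAccountAccess-${RoleIdentifier}'   # assumed naming scheme
      # Trust policy: only principals in the named account may assume the role,
      # and only when their session carries an MFA authentication.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub 'arn:aws:iam::${AccountId}:root'
            Action: sts:AssumeRole
            Condition:
              Bool:
                aws:MultiFactorAuthPresent: 'true'
      MaxSessionDuration: 3600   # one-hour sessions for an administrator role
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess

Outputs:
  RoleArn:
    Description: ARN to share with whoever needs to assume the role
    Value: !GetAtt CrossAccountAccessRole.Arn
```

Trusting the `:root` principal of the other account delegates the decision of which of its users or roles may call sts:AssumeRole to that account's own IAM policies, so the MFA condition is the only control this side keeps over who actually assumes the role.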

Credits