Organizations opt to use multiple AWS accounts for a variety of reasons including:
Users and groups within one AWS account will often need to access resources in another AWS account. Instead of creating separate IAM users and groups in each account, access can be delegated to IAM users and groups in a different AWS account using cross-account IAM roles. Certain services also provide resource-based policies to allow access across accounts. This lab walks through the mechanics of configuring and using cross-account roles and resource-based policies, specifically S3 bucket policies. Policy evaluation logic is also discussed.
Upon completion of this intermediate-level lab, you will be able to:
Familiarity with the following is recommended:
The following content can be used to fulfill the prerequisite:
Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.