kesslerdev/README.md

Last active October 29, 2019 16:24

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/kesslerdev/12813a0cedffed5e13cc4d1a097e0353.js"></script>
Save kesslerdev/12813a0cedffed5e13cc4d1a097e0353 to your computer and use it in GitHub Desktop.

Download ZIP

Asume Role AWS #aws #assume #security #role

Raw

Asume Role AWS

Account 1 (security) with all users
Account 2 (prod) with no users

Give access to a `prod` policy for a `security` user

On `security` account

create a policy attached to users direcly or using a group

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1534164696001",
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole"
      ],
      "Resource": [
        "arn:aws:iam::{PROD_ACCOUNT_ID}:{PROD_ROLE_NAME}"
      ]
    }
  ]
}

On `prod` account

create a role with all needed policies attached & a Trust Relationship

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::{SECURITY_ACCOUNT_ID}:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {}
    }
  ]
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment