Closed markhk67 closed 1 month ago
The AWS documentation to support this is below: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html
NB: By default the "Switch Role" OrganizationAccountAccessRole is only available for 1 hour...
To switch role in the CLI, you can set up a profile.
StackOverflow answer: https://serverfault.com/a/933083/130018
Example:
```ini
# Base profile: long-lived IAM user access keys
[kiehlmann]
aws_access_key_id = AK.............
aws_secret_access_key = xxxxxxxxxxxxxxxxxxx

# Role profiles: the CLI assumes role_arn using the credentials of source_profile
[alwayson]
role_arn = arn:aws:iam::637423416545:role/OrgAccAccessRole_NS_AlwaysOn
source_profile = kiehlmann

[timebound]
role_arn = arn:aws:iam::851725449784:role/OrganizationAccountAccessRole
source_profile = kiehlmann

[fullyresponsive]
role_arn = arn:aws:iam::471112586809:role/OrganizationAccountAccessRole
source_profile = kiehlmann
```
You then set an AWS_PROFILE environment variable to switch between roles.
Successful for David and Rory.
As an existing user in the kiehlmann AWS account, I want to be able to switch role and access any of the other GreenerSoftware accounts, so that I can do so without the need for additional IAM User credentials (like I set up with david.carboni).
https://personalmhk.atlassian.net/wiki/spaces/MK/pages/1362034690/Establish+remote+access+to+other+AWS+accounts+with+additional+IAM+User+credentials
https://www.youtube.com/watch?v=BfE2G-fsBNU
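An added example, not part of the original issue: a small offline check for a profile file laid out like the one shown earlier. For each role profile it reports the target account, the role name, the static-key profile the `source_profile` chain ends at, and the session length. The profile names, account IDs and keys in `SAMPLE` are constructed placeholders, and `resolve` is a hypothetical helper name.

```python
import configparser
import re

# Constructed sample in the same layout as the profile example in this issue
# (placeholder account IDs and keys, not real values).
SAMPLE = """
[base]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = example-secret-not-real
[audit]
role_arn = arn:aws:iam::111111111111:role/OrganizationAccountAccessRole
source_profile = base
[chained]
role_arn = arn:aws:iam::222222222222:role/ReadOnly
source_profile = audit
duration_seconds = 900
[broken]
role_arn = arn:aws:iam::333333333333:role/OrganizationAccountAccessRole
source_profile = missing
"""

ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::(\d{12}):role/(.+)$")

def resolve(text):
    """Map each role profile to (account, role, root profile, seconds) or an error string."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    out = {}
    for name in cfg.sections():
        sec = cfg[name]
        if "role_arn" not in sec:
            continue  # static-key profile, no role to assume
        m = ROLE_ARN.match(sec["role_arn"])
        if not m:
            out[name] = "error: malformed role_arn"
            continue
        # Follow source_profile until a profile holding static keys is reached;
        # the 'seen' set stops the walk if profiles reference each other in a loop.
        seen, cur = {name}, sec.get("source_profile")
        while cur in cfg and "aws_access_key_id" not in cfg[cur] and cur not in seen:
            seen.add(cur)
            cur = cfg[cur].get("source_profile")
        if cur not in cfg or "aws_access_key_id" not in cfg[cur]:
            out[name] = f"error: source_profile chain ends at {cur!r}"
            continue
        # 3600 s (1 hour) is the CLI default when duration_seconds is not set.
        seconds = sec.getint("duration_seconds", fallback=3600)
        out[name] = (m.group(1), m.group(2), cur, seconds)
    return out
```

Running `resolve` over your own profile file before sharing the setup shows which long-lived key each role profile ultimately depends on and catches a misspelled `source_profile` without making any AWS calls.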