I've added a role to allow another account to list instances, but there doesn't appear to be any option to choose which account I'm listing instances from. Is there some undocumented option to pass in to choose this foreign account?

Edit:

The policy I'm using is simply the one that AWS generates for me:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "AWS": [
              "arn:",
              "arn:"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

  • I take it the owner-id filter doesn't do it? Commented Nov 26, 2013 at 0:22
  • That returns { "Reservations": [] }. Might be a policy issue? Commented Nov 26, 2013 at 17:03

1 Answer

Yes, this can be done by setting up a cross-account role and a CLI profile for it, which is documented by AWS here:

How to Use a Single IAM User to Easily Access All Your Accounts by Using the AWS CLI

The only caveat is, I can't get this approach to work using instance role privileges:

How to execute aws ec2 describe-instances for different account
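
The setup this answer describes, as an added example rather than code from the answer or from the linked AWS post: a named profile with `role_arn` and `source_profile` makes the CLI assume the cross-account role before it calls EC2, so `--profile` is what selects the foreign account. The account ID, role name, profile names and function names are constructed placeholders, and the role is assumed to trust the caller and to allow `ec2:DescribeInstances`.

```shell
# Added example. Constructed placeholders: account 111122223333, role
# ListInstancesRole, profiles "target" and "default".

# Append a role-assuming profile to the AWS CLI config file.
# Args: <profile> <12-digit target account id> <role name> <source profile>
add_cross_account_profile() {
  xp_profile=$1 xp_account=$2 xp_role=$3 xp_source=$4
  xp_cfg=${AWS_CONFIG_FILE:-$HOME/.aws/config}

  # Validate before writing so a malformed value never becomes a role_arn.
  case $xp_account in ''|*[!0-9]*) echo "account id must be digits" >&2; return 1;; esac
  [ "${#xp_account}" -eq 12 ] || { echo "account id must be 12 digits" >&2; return 1; }
  # IAM role names: up to 64 characters from A-Z a-z 0-9 + = , . @ _ -
  case $xp_role in ''|*[!A-Za-z0-9+=,.@_-]*) echo "invalid role name" >&2; return 1;; esac
  [ "${#xp_role}" -le 64 ] || { echo "role name too long" >&2; return 1; }
  for xp_name in "$xp_profile" "$xp_source"; do
    case $xp_name in ''|*[!A-Za-z0-9_-]*) echo "invalid profile name" >&2; return 1;; esac
  done

  # Refuse to add a second stanza with the same name.
  if [ -f "$xp_cfg" ] && grep -qxF "[profile $xp_profile]" "$xp_cfg"; then
    echo "profile $xp_profile already exists in $xp_cfg" >&2
    return 1
  fi

  mkdir -p "$(dirname "$xp_cfg")"
  printf '[profile %s]\nrole_arn = arn:aws:iam::%s:role/%s\nsource_profile = %s\n\n' \
    "$xp_profile" "$xp_account" "$xp_role" "$xp_source" >>"$xp_cfg"
}

# List instances in the target account. The CLI calls sts:AssumeRole with the
# source profile's credentials and signs the EC2 request with the temporary ones.
# Args: <profile> <region>
list_foreign_instances() {
  aws sts get-caller-identity --profile "$1" &&   # confirm which account answers
  aws ec2 describe-instances --profile "$1" --region "$2"
}

# Usage:
#   add_cross_account_profile target 111122223333 ListInstancesRole default
#   list_foreign_instances target us-east-1
```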
