AWS ORGANIZATIONS

0

I've been working on AWS Organizations. I have my root account (management account), and under that I have one vendor account.

Now, in the management account I have 2 EC2 instance resources. With switch role from the vendor account to the management account, I should only see one EC2 instance among the 2 instances that are already available in the management account.

Now, how can I apply policies to do this? I tried tag policies to do this, which only restrict the vendor from doing things, but for my use case I should hide one EC2 instance and show only one EC2 instance to the vendor account. How can I do this?

1 Answer
2
Accepted Answer

You can do that by delegating access across AWS accounts using IAM roles. Use the AWS Management Console to establish trust between the management and vendor accounts. Create an IAM role named e.g. vendorARole. When you create the role, you define the vendor account as a trusted entity and specify a permission policy that allows trusted users to access only one of the EC2 instances via tagging.

You can see similar steps for sharing an S3 bucket across accounts at:

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

AWS
answered 2 years ago
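As an added illustration of the accepted answer (not code from the original post or from AWS), the following Python builds the two policy documents that role vendorARole needs: the trust policy that lets the vendor account assume it, and a permission policy whose instance actions carry an `aws:ResourceTag` condition so they apply only to the one tagged instance. The account IDs, the tag key/value `Vendor=acme`, and the small `is_allowed` evaluator are assumptions made for the example. One caveat the evaluator makes visible: `ec2:DescribeInstances` does not support resource-level permissions, so it must be granted on `Resource: "*"` and cannot be tag-scoped. The second instance therefore still appears in listings for the assumed role, but every action on it is implicitly denied, which is the closest IAM can get to "hiding" it.

```python
"""Cross-account EC2 access scoped by tag: trust policy for vendorARole,
tag-conditioned permission policy, and a simplified evaluator to show what
the condition does. Account IDs, tag values and the evaluator are assumptions."""
import json

MGMT_ACCOUNT_ID = "111111111111"    # placeholder: management account
VENDOR_ACCOUNT_ID = "222222222222"  # placeholder: vendor account
ROLE_NAME = "vendorARole"           # role name used in the answer
VENDOR_TAG_KEY = "Vendor"           # assumed tag placed on the shared instance
VENDOR_TAG_VALUE = "acme"

# Trust policy for vendorARole (created in the management account):
# principals in the vendor account may call sts:AssumeRole on it.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{VENDOR_ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole",
    }],
}

# Permission policy attached to vendorARole. Instance actions are allowed only
# when the target instance carries Vendor=acme. ec2:Describe* actions take no
# resource-level permissions, so they need Resource "*" and cannot be
# tag-scoped: the second instance is still listed, but actions on it are denied.
PERMISSION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DescribeIsNotTagScoped",
            "Effect": "Allow",
            "Action": ["ec2:DescribeInstances", "ec2:DescribeTags"],
            "Resource": "*",
        },
        {
            "Sid": "ActOnlyOnVendorTaggedInstances",
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
            "Resource": f"arn:aws:ec2:*:{MGMT_ACCOUNT_ID}:instance/*",
            "Condition": {
                "StringEquals": {f"aws:ResourceTag/{VENDOR_TAG_KEY}": VENDOR_TAG_VALUE}
            },
        },
    ],
}


def policy_json(policy):
    """Serialise a policy document for `aws iam create-role` / `put-role-policy`."""
    return json.dumps(policy, indent=2)


def is_allowed(policy, action, instance_tags):
    """Simplified, assumed model of IAM evaluation: implicit deny unless some
    Allow statement names the action and all of its aws:ResourceTag
    StringEquals conditions match the instance's tags. Explicit Deny,
    wildcards and other condition operators are deliberately not modelled."""
    prefix = "aws:ResourceTag/"
    for statement in policy["Statement"]:
        if statement["Effect"] != "Allow":
            continue
        actions = statement["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if action not in actions:
            continue
        conditions = statement.get("Condition", {}).get("StringEquals", {})
        if all(instance_tags.get(key[len(prefix):]) == value
               for key, value in conditions.items() if key.startswith(prefix)):
            return True
    return False


if __name__ == "__main__":
    print(policy_json(TRUST_POLICY))
    print(policy_json(PERMISSION_POLICY))
    # Constructed sample tags for the two instances in the management account.
    shared = {VENDOR_TAG_KEY: VENDOR_TAG_VALUE, "Name": "shared-with-vendor"}
    private = {"Name": "management-only"}
    for name, tags in (("shared", shared), ("private", private)):
        print(name, "ec2:StopInstances ->",
              is_allowed(PERMISSION_POLICY, "ec2:StopInstances", tags))
```

To apply the documents, write each to a file and use `aws iam create-role --role-name vendorARole --assume-role-policy-document file://trust.json` followed by `aws iam put-role-policy --role-name vendorARole --policy-name VendorEc2 --policy-document file://permissions.json` in the management account; the vendor account then switches role with the management account ID and role name.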
