AWS ORGANIZATIONS

0

I've been working on AWS Organizations. I have my root account (management account), and under that I have one vendor account.

Now, in the management account I have 2 EC2 instance resources. When switching role from the vendor account to the management account, I should only see one EC2 instance among the 2 instances that are already available in the management account.

Now, how can I apply policies to do this? I tried tag policies, which only restrict what the vendor can do, but for my use case I need to hide one EC2 instance and show only one EC2 instance to the vendor account. How can I do this?

1 Answer
2
Accepted answer

You can do that by delegating access across AWS accounts using IAM roles. Use the AWS Management Console to establish trust between the management and vendor accounts. Create an IAM role named e.g. vendorARole. When you create the role, you define the vendor account as a trusted entity and specify a permission policy that allows trusted users to access only one of the EC2 instances via tagging.

You can see similar steps for sharing an S3 bucket across accounts at:

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

AWS
answered 2 years ago
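The two policy documents the accepted answer describes, as an added example that is not part of the original answer or of any AWS documentation: a trust policy for a role in the management account that the vendor account may assume, and a permission policy that scopes the instance actions to one instance by a tag. The account IDs and the tag key `VendorVisible` are placeholders I chose; the small `is_allowed` function is a simplified local check (Allow statements and `aws:ResourceTag` StringEquals conditions only, no Deny, no wildcards) to show how the tag condition gates each call.

```python
"""Cross-account role with tag-scoped EC2 permissions.
Added example, not code from the post above. Account IDs are placeholders."""
import json

MANAGEMENT_ACCOUNT_ID = "111111111111"  # placeholder: account that owns the instances
VENDOR_ACCOUNT_ID = "222222222222"      # placeholder: account that switches role
VISIBILITY_TAG = "VendorVisible"        # assumed tag key; pick any key you like


def trust_policy(vendor_account_id: str) -> dict:
    """Trust policy for the role in the management account: principals in the
    vendor account may call sts:AssumeRole on it (narrow the principal to a
    specific role ARN in production rather than the account root)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{vendor_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }


def permission_policy(tag_key: str) -> dict:
    """Permission policy attached to the role. Instance actions are allowed only
    on instances tagged <tag_key>=true. ec2:Describe* calls do not support
    resource-level permissions, so they can only be granted on "*"."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DescribeIsAllOrNothing",
                "Effect": "Allow",
                "Action": ["ec2:DescribeInstances", "ec2:DescribeTags"],
                "Resource": "*",
            },
            {
                "Sid": "ActOnlyOnTaggedInstance",
                "Effect": "Allow",
                "Action": ["ec2:StartInstances", "ec2:StopInstances",
                           "ec2:RebootInstances"],
                "Resource": "arn:aws:ec2:*:*:instance/*",
                "Condition": {
                    "StringEquals": {f"aws:ResourceTag/{tag_key}": "true"}
                },
            },
        ],
    }


def is_allowed(policy: dict, action: str, resource_tags: dict) -> bool:
    """Simplified local evaluation: allowed if some Allow statement lists the
    action and every aws:ResourceTag/<key> StringEquals condition matches the
    instance's tags. Deny statements and wildcards are not modelled."""
    prefix = "aws:ResourceTag/"
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        conditions = stmt.get("Condition", {}).get("StringEquals", {})
        if all(resource_tags.get(key[len(prefix):]) == expected
               for key, expected in conditions.items()
               if key.startswith(prefix)):
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(trust_policy(VENDOR_ACCOUNT_ID), indent=2))
    policy = permission_policy(VISIBILITY_TAG)
    print(json.dumps(policy, indent=2))
    # Constructed sample instances: one shared with the vendor, one not.
    shared = {"Name": "shared-app", VISIBILITY_TAG: "true"}
    private = {"Name": "internal-db"}
    print(is_allowed(policy, "ec2:StopInstances", shared))       # True
    print(is_allowed(policy, "ec2:StopInstances", private))      # False
    print(is_allowed(policy, "ec2:DescribeInstances", private))  # True
```

The last line of the demo is the caveat to keep in mind: a tag condition restricts what the vendor can do to an instance, but `ec2:DescribeInstances` cannot be tag-scoped, so both instances still appear in the vendor's console listing. If the second instance must not be visible at all, IAM alone cannot hide it; keeping it in a separate account is the usual way to get that isolation.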
