En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

AWS ORGANIZATIONS

0

been working on AWS ORGANIZATIONS..i've my root account(management account) under that i've one vendor account

now in management account i've 2 ec2 instance resource..with switch role from vendor account to management account..i should only see one ec2 instance among that 2 instance that already available in management account.

now how can i apply policies to do this..i tried tag policies to do this which only restrict the vendor to do things..but for my use case i should hide one ec2 instance and show only one ec2 instance by vendor account..how can i do with?

Sujets
Sécurité, identité et conformitéCalculGestion et gouvernance
Balises
Gestion des identités et des accès AWSAmazon EC2Organisations AWSPolitiques IAM
Langue
English
rePost-User-7932817
demandé il y a 2 ans267 vues
1 réponse
2
Réponse acceptée

You can do that by delegate access across AWS accounts using IAM roles. Use AWS Mgmt Console to establish trust between the Mgmt and Vendor account. Create a IAM role named e.g. vendorARole. When you create the role, you define the Vendor account as a trusted entity and specify a permission policy that allows trusted users to access only one of the EC2 instance via tagging.

You can see a similar steps for sharing of S3 bucket across account at:

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

AWS
ronald_l
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents