1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
3
Hi Pedro, You will need to update the bucket policy to grant access to your third-party application. As you pointed out, AWS Control Tower Guardrail prevents updates to bucket policies, so you will need to log into the Organization Management account first, then use the Switch Role capability from the drop down menu under your login in the upper right, to assume the AWSControlTowerExecution role in the Logging account. Using that role, you will be able to update the bucket policy in the Logging account. If you prefer doing this in code, you can also accomplish this using the AssumeRole cli command.
답변함 2년 전
관련 콘텐츠
- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 2년 전
Were you able to figure this out? I just tried this using the documentation at https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-generation.html?icmpid=docs_iam_console#access-analyzer-policy-generation-cross-account with no luck.