Share EC2 Instance Connect endpoint between AWS accounts


I'm configuring an EC2 Instance Connect endpoint to access my EC2 instances in private subnets. I have multiple AWS accounts, and the subnets are connected via VPC peering.

Can I create a single endpoint in one AWS account and use it in all other accounts? The console doesn't see endpoints from another account, and doesn't allow specifying a custom ID.

The blog post says:

IAM principals using an EIC Endpoint must be part of the same AWS account (either directly or by cross-account role assumption)

How is it intended to work? I'm assuming a role from another account but still need to have access to EC2 instances in the current account. Are there any examples of such a policy?

Asked 2 months ago, 182 views
1 answer

To work with multiple AWS accounts, you would typically:

  • Set up EC2 Instance Connect in each AWS account separately.
  • Use cross-account IAM roles to access EC2 instances in other accounts.
  • Grant permission for ec2-instance-connect:SendSSHPublicKey in IAM policies.
  • Assume the IAM role from the originating account to connect to instances in the target account.
  • The console won't show endpoints from other accounts; access is managed through IAM.
EXPERT
Answered 2 months ago
EXPERT
Reviewed 2 months ago
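The cross-account pattern the answer above describes, as an added example that is not part of the original post or of AWS's own documentation: a trust policy in the account that owns the endpoint and instances, a permissions policy on that role scoped to one endpoint, one instance and one OS user, and a minimal allow-check to show what the scoping does. The account IDs, role name, endpoint ID and instance ID are constructed placeholders.

```python
import fnmatch

# Constructed placeholder values: the account IDs, role name, endpoint ID and instance ID are not real.
ORIGIN_ROLE_ARN = "arn:aws:iam::111111111111:role/eice-operators"   # role in the originating account
TARGET_ACCOUNT = "222222222222"        # account that owns the EIC Endpoint and the instances
REGION = "eu-west-1"
EICE_ARN = f"arn:aws:ec2:{REGION}:{TARGET_ACCOUNT}:instance-connect-endpoint/eice-0123456789abcdef0"
INSTANCE_ARN = f"arn:aws:ec2:{REGION}:{TARGET_ACCOUNT}:instance/i-0123456789abcdef0"


def trust_policy(origin_role_arn: str = ORIGIN_ROLE_ARN) -> dict:
    """Trust policy on the TARGET-account role: only the named origin role may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": origin_role_arn}, "Action": "sts:AssumeRole"}]}


def eice_permissions_policy() -> dict:
    """Permissions policy on the TARGET-account role: one endpoint, one instance, one OS user,
    SSH port only. The Describe calls are what the CLI needs to resolve endpoint and instance IDs."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "OpenTunnelOnOneEndpoint", "Effect": "Allow",
         "Action": "ec2-instance-connect:OpenTunnel", "Resource": EICE_ARN,
         "Condition": {"NumericEquals": {"ec2-instance-connect:remotePort": "22"}}},
        {"Sid": "PushKeyToOneInstanceAsOneUser", "Effect": "Allow",
         "Action": "ec2-instance-connect:SendSSHPublicKey", "Resource": INSTANCE_ARN,
         "Condition": {"StringEquals": {"ec2:osuser": "ec2-user"}}},
        {"Sid": "DescribeForCli", "Effect": "Allow",
         "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceConnectEndpoints"],
         "Resource": "*"},
    ]}


def is_allowed(policy: dict, action: str, resource: str, context: dict) -> bool:
    """Minimal allow-only evaluator (no Deny statements, no policy variables): the action and
    resource must match a statement ('*' wildcards honoured) and every condition key in that
    statement must equal the value supplied in `context`. Illustrative, not IAM's real engine."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(fnmatch.fnmatchcase(action, a) for a in actions):
            continue
        if not fnmatch.fnmatchcase(resource, stmt["Resource"]):
            continue
        conds = stmt.get("Condition", {})
        if all(str(context.get(key)) == str(want)
               for operands in conds.values() for key, want in operands.items()):
            return True
    return False
```

With the role in place, an operator in the originating account would call `aws sts assume-role` against it and then run `aws ec2-instance-connect ssh --instance-id <id> --connection-type eice` with the temporary credentials; the endpoint is never visible in the originating account's console, as the answer notes.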
