Is it possible to set up an IAM account for 3rd party to look after the specific resources?

0

I would like to assign the admin permission for specific resources (EC2, RDS, volumes, snapshot), how to group these resources from administration's perspective? This resource group will also need use some components in my VPC (subnet, routing tables, security groups, ...), is it possible to isolate them from my other services?

1 Answer
0
Accepted Answer

This is a good resource you can refer

When third parties require access to your organization's AWS resources, you can use roles to delegate access to them. For example, a third party might provide a service for managing your AWS resources. With IAM roles, you can grant these third parties access eiito your AWS resources without sharing your AWS security credentials. Instead, the third party can access your AWS resources by assuming a role that you create in your AWS account. To learn whether principals in accounts outside of your zone of trust (trusted organization or account) have access to assume your roles, see What is IAM Access Analyzer?.

Providing access to AWS accounts owned by third parties - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html

Also check on **Establishing your best practice AWS environment **- https://aws.amazon.com/organizations/getting-started/best-practices/

profile pictureAWS
EXPERT
answered 2 years ago
profile picture
EXPERT
reviewed 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions