1 Answer
I don't see in the documentation where it says that you can do what you're trying to do.
To clarify:
- You have a Route 53 zone created in account A.
- You want a user in account B to manage the zone in account A.
The way to do this is:
- Create a role in account A that has the required permissions.
- Give permission to the role in account B to assume the role in account A.
- When authenticated as the role in account B (which it appears you are), assume the role in account A.
- Use the new credentials to perform the Route 53 actions in account A.
The documentation you've linked to does mention this in the section that starts with "Attach a permissions policy to a role (grant cross-account permissions)".
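The four steps above as an added example, not part of the original answer: the three policy documents involved and the assume-role call followed by the Route 53 change. The account IDs, role names, zone ID and record values are constructed placeholders, and the STS and Route 53 clients are passed in so the flow can be exercised without AWS access.

```python
import json

ACCOUNT_B_ROLE = "arn:aws:iam::222222222222:role/ExampleAccountBRole"    # constructed
ACCOUNT_A_ROLE = "arn:aws:iam::111111111111:role/ExampleRoute53Manager"  # constructed
ZONE_ID = "Z0000000EXAMPLE"                                              # constructed

def _policy(**statement):
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", **statement}]}

def trust_policy(principal_arn):
    """Step 1a: trust policy on the account A role, naming who may assume it."""
    return _policy(Principal={"AWS": principal_arn}, Action="sts:AssumeRole")

def zone_policy(zone_id):
    """Step 1b: permissions on the account A role, limited to a single zone."""
    return _policy(Action=["route53:ChangeResourceRecordSets",
                           "route53:ListResourceRecordSets"],
                   Resource=f"arn:aws:route53:::hostedzone/{zone_id}")

def caller_policy(role_arn):
    """Step 2: policy on the account B role allowing it to assume that one role."""
    return _policy(Action="sts:AssumeRole", Resource=role_arn)

def upsert_record(sts, route53_factory, role_arn, zone_id, name, rtype, value, ttl=300):
    """Steps 3 and 4: assume the account A role, then change the record with
    the temporary credentials. Clients are injected so this can be tested offline."""
    creds = sts.assume_role(RoleArn=role_arn,
                            RoleSessionName="route53-cross-account")["Credentials"]
    route53 = route53_factory(aws_access_key_id=creds["AccessKeyId"],
                              aws_secret_access_key=creds["SecretAccessKey"],
                              aws_session_token=creds["SessionToken"])
    record = {"Name": name, "Type": rtype, "TTL": ttl,
              "ResourceRecords": [{"Value": value}]}
    return route53.change_resource_record_sets(
        HostedZoneId=zone_id,
        ChangeBatch={"Changes": [{"Action": "UPSERT", "ResourceRecordSet": record}]})

if __name__ == "__main__":
    for doc in (trust_policy(ACCOUNT_B_ROLE), zone_policy(ZONE_ID),
                caller_policy(ACCOUNT_A_ROLE)):
        print(json.dumps(doc, indent=2))
    # With real accounts and boto3 installed (run as the account B role):
    #   import boto3
    #   upsert_record(boto3.client("sts"), lambda **c: boto3.client("route53", **c),
    #                 ACCOUNT_A_ROLE, ZONE_ID, "www.example.com.", "A", "192.0.2.10")
```

Scoping `zone_policy` to one hosted zone ARN and `caller_policy` to one role ARN keeps the cross-account grant limited to the zone being managed.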
Thanks Brettski-AWS … makes sense and this is how I've done it in the past for a normal IAM user.
I'm clearly missing something, but the reason I went this way is that I don't see any way to associate a role with an IAM Identity Center user. That's why I was trying to set up the permissions using an inline policy on the Permission Set.
You had this bullet point:
I'm authenticated as an Identity Centre user, belonging to the admins group, which through AWS Accounts has permissions for the Administrator Access permission set. I can apply policies to the permission set, but not roles.
Again, I'm clearly missing something – you may be able to enlighten me.
Oh, it's probably relevant to mention that I am trying to do this as part of updating a CloudFormation template. So I can't completely switch roles.
Ok - so because you're trying to do this as part of CloudFormation, the answer is to use a custom resource, although it might be possible with a StackSet. Personally, I think a custom resource is better because you're trying to update DNS, which is usually something that requires a little more logic.