How do you automate IAM Role Creation in a Customer's AWS account?
0
I have a use case to automate the creation of an IAM role and the attaching of a permission policy to it for a customer's (internal) AWS account (to which we may not have access). Any idea how such automation can be done?
1 Answer
0
If you have no initial access to the AWS Account, the usual approach is for you to generate an AWS CloudFormation template which will create the Role with suitable Policies attached, and pass that to the customer for them to deploy. I'd suggest using tools such as cfn-nag and CloudFormation Guard to ensure your templates are following best practices and your own requirements for least privilege access.
It's a best practice to require an External ID as part of the trust policy.
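The approach in the answer above, as an added example that is not part of the original answer: a Python script that generates the CloudFormation template (JSON form) for the customer to deploy, with the External ID as a deploy-time parameter, plus a small pre-ship check. The function names, the `CrossAccountRole` and `ScopedAccess` names, the 16-character minimum and the sample account ID and bucket are assumptions; the check is a minimal local gate, not a substitute for cfn-nag or CloudFormation Guard.

```python
import json

def build_template(trusted_account_id, actions, resources):
    """Return a CloudFormation template (JSON form) for a cross-account role."""
    trust = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
        "Action": "sts:AssumeRole",
        # The customer supplies the External ID when deploying the stack.
        "Condition": {"StringEquals": {"sts:ExternalId": {"Ref": "ExternalId"}}},
    }]}
    access = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": actions, "Resource": resources}]}
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {"ExternalId": {"Type": "String", "NoEcho": True, "MinLength": 16}},
        "Resources": {"CrossAccountRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": trust,
                "Policies": [{"PolicyName": "ScopedAccess", "PolicyDocument": access}],
            }}},
        "Outputs": {"RoleArn": {"Value": {"Fn::GetAtt": ["CrossAccountRole", "Arn"]}}},
    }

def lint(template):
    """Return findings: trust statements without an External ID, wildcard grants."""
    findings = []
    for name, res in template["Resources"].items():
        if res["Type"] != "AWS::IAM::Role":
            continue
        props = res["Properties"]
        for stmt in props["AssumeRolePolicyDocument"]["Statement"]:
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if "sts:ExternalId" not in cond:
                findings.append(f"{name}: trust policy has no sts:ExternalId condition")
        for policy in props.get("Policies", []):
            for stmt in policy["PolicyDocument"]["Statement"]:
                if any("*" in action for action in stmt["Action"]):
                    findings.append(f"{name}: wildcard action")
                if "*" in stmt["Resource"]:  # list membership: a bare "*" entry
                    findings.append(f"{name}: Resource is '*'")
    return findings

if __name__ == "__main__":
    # Constructed sample values: placeholder account ID and bucket name.
    tpl = build_template("111122223333", ["s3:GetObject"],
                         ["arn:aws:s3:::example-customer-bucket/*"])
    assert lint(tpl) == []
    print(json.dumps(tpl, indent=2))
```

The printed JSON is what gets handed to the customer; the role ARN in the stack output is what they send back.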