cross account access using servicenow - amazon s3 spoke

Question

I have created a IAM user in Account A and want to access a bucket in Account B.
I have added the bucket policy and cross account policy to the IAM user.

I have created the client ID and secret key for the IAM user and tried accessing the s3 using the pre-defined actions in SNOW.

Unable to list the buckets in Account B, i am able to list the buckets only in Account A as the IAM user is created in Account A

Gaurav · Answer

There are two ways to do it.
A) You can use the S3 bucket policy if you don't wish to give up your current role and assume another role. You can refer to this link 
[https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example2.html]()

B) If assuming another role is not an issue for you then you can utilize a cross-account role. Please refer to this link 
[https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example4.html]()

D G · Answer

IAM user in Account A contains an ARN that *must* be in the target bucket policy. IAM Users have no trust policy required for trust, IAM User in Account A must also have the proper S3 IAM Privileges to action upon the specific resource being plotted in Account B.

Using the AWS CLI make sure you configure it to point to the profile in Account A. IAM User Account A, performing aws s3api list-objects --bucket $target_bucket_name (bucket within account B)

Then you can validate that your access is correct so that IAM User in Account A has access to Account B bucket.

cross account access using servicenow - amazon s3 spoke

Add your answer

Relevant content