By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Access to one of the member account in control tower from another client external AWS account

1

I have a requirement. I have created a Landing Zone using Control Tower. One of my external AWS account needs access to the Logging member account and access resources inside the Logging account, How can this be achieved

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
Security, Identity, & ComplianceAWS Identity and Access ManagementAWS Control TowerAWS OrganizationsAWS Account Management
Language
English
Chandra
asked 9 months ago227 views
1 Answer
1

If you don't want the account to be part of the organization, then you'll need to grant access. To grant access to an external account, you can treat it like a third party account. This will involve granting a trust as well as permissions. For extra security consider adding an external id which is like a key or password.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

Hope this helps, if it does please accept this answer.

profile picture
Bryant Pollard
answered 9 months ago
profile picture
EXPERT
Gary Mclean
reviewed 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content