Access to one of the member accounts in Control Tower from another client external AWS account


I have a requirement. I have created a Landing Zone using Control Tower. One of my external AWS accounts needs access to the Logging member account and to access resources inside the Logging account. How can this be achieved?

1 Answer

If you don't want the account to be part of the organization, then you'll need to grant access. To grant access to an external account, you can treat it like a third-party account. This will involve granting a trust as well as permissions. For extra security, consider adding an external ID, which is like a key or password.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

Hope this helps, if it does please accept this answer.

Answered 10 months ago
Expert
Reviewed 10 months ago
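
The trust half of the setup described in the answer, as an added example that is not part of the original post: it builds the trust policy for a role in the Logging account and audits any trust policy for a wildcard principal or a missing `sts:ExternalId` condition. The account ID, the external ID value and the function names are constructed for illustration.

```python
import json

EXTERNAL_ACCOUNT = "111122223333"         # constructed: the external client account ID
EXTERNAL_ID = "example-external-id-7f3c"  # constructed: value agreed with the client

def build_trust_policy(account_id, external_id):
    """Trust policy for a role in the Logging account: only the named external
    account may assume it, and only when it presents the external ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def as_list(value):
    """IAM JSON accepts a string or a list in most places; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_trust_policy(policy):
    """Return findings for Allow statements that let the role be assumed by a
    wildcard principal or without an sts:ExternalId StringEquals condition."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not {"sts:AssumeRole", "sts:*", "*"} & set(as_list(stmt.get("Action"))):
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in as_list(aws):
            findings.append(f"statement {i}: wildcard principal")
        cond = stmt.get("Condition") or {}
        if not (cond.get("StringEquals") or {}).get("sts:ExternalId"):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings

if __name__ == "__main__":
    policy = build_trust_policy(EXTERNAL_ACCOUNT, EXTERNAL_ID)
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy) or "no findings")
```

The role still needs a separate permissions policy scoped to the Logging account resources the external account should reach, and the external account must pass the same external ID when it calls `sts:AssumeRole`.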
