Cross Account Access
Many AWS customers use separate AWS accounts for thier development and production resources. This separation allows them to cleanly separate different types of resources and can also provide some security benefits.
Cross account access makes it easier for you to work productively within a multi-account (or multi-role) AWS environment by making it easy for you to switch roles within the AWS Management Console. You can now sign into the console using your IAM user name and then switch the console to manage another account without having to enter (or remember) another user name and password.
Steps
- Identify Account Numbers
- Create a group in IAM - DEV
- Create a user in IAM - DEV
- Log in to Production
- Create the "read-write-app-bucket" policy
- Create the "UpdateApp" Cross Account Role
- Apply the newly created policy to the role
- Log in to the Developer Account
- Create a new inline policy
- Apply it to the Developer group
- Login as John
- Switch Accounts