Juan Sebastian

Reputation: 1077

How can I create an IAM policy for a service on a different AWS account?

I currently need to create an IAM policy with a service as a principal.

Now, I know that you can have:

"Service": [
    "ec2.amazonaws.com"
]

on your policy, but that states the EC2 service on your own account. How can I do the same for a different account, given that I cannot create a role for the service I'm trying to use, since it is for a machine learning installation from the web console?

Upvotes: 0

Views: 89

Answers (1)

strongjz

Reputation: 4491

You'll want to create bucket policies and apply them to the source bucket so that accounts can access a bucket of another account.

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AddCannedAcl",
      "Effect":"Allow",
      "Principal": {"AWS": ["arn:aws:iam::111122223333:root","arn:aws:iam::444455556666:root"]},
      "Action":["s3:PutObject","s3:PutObjectAcl"],
      "Resource":["arn:aws:s3:::examplebucket/*"] 
    }
  ]
}

http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-1

Upvotes: 1
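
A check a bucket owner can run over a policy like the one in the answer, added here as an example (not code from the answer or from AWS): it lists every principal outside the owning account that an Allow statement grants access to. The owner account ID `999900001111`, the function names and the `trusted_accounts` parameter are assumptions made for illustration.

```python
import json
import re

# Constructed sample input: the bucket policy from the answer above.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Sid": "AddCannedAcl",
   "Effect": "Allow",
   "Principal": {"AWS": ["arn:aws:iam::111122223333:root", "arn:aws:iam::444455556666:root"]},
   "Action": ["s3:PutObject", "s3:PutObjectAcl"],
   "Resource": ["arn:aws:s3:::examplebucket/*"]
 }]}
""")

# Matches a bare 12-digit account ID or an IAM ARN (root, user or role) and captures the account.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?$")

def as_list(value):
    """Policy fields may hold a single item or a list of items."""
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy, owner_account, trusted_accounts=()):
    """Return (sid, kind, principal, has_condition) for each grant outside the trusted accounts."""
    findings = []
    trusted = set(trusted_accounts) | {owner_account}
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # shorthand form for "everyone"
            principal = {"AWS": "*"}
        sid = stmt.get("Sid", "<no Sid>")
        conditioned = "Condition" in stmt
        for kind, values in principal.items():
            for value in as_list(values):
                match = ACCOUNT_RE.match(value)
                if value == "*":
                    findings.append((sid, "anyone", value, conditioned))
                elif kind == "Service":
                    findings.append((sid, "service", value, conditioned))
                elif match and match.group(1) not in trusted:
                    findings.append((sid, "untrusted-account", match.group(1), conditioned))
    return findings

if __name__ == "__main__":
    # owner_account is a constructed placeholder, not a value from the page.
    for finding in audit_bucket_policy(POLICY, owner_account="999900001111"):
        print(finding)
```

The last element of each tuple is `False` when the statement has no `Condition` block, which is the case for the policy in the answer.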
