user6826691
Reputation: 2021
Datadog AWS integration for multiple aws account
I have two AWS account , I was able to set AWS integration for the first account using Terraform, but when I try to create AWS integration for my second account I am having an error.
I have created a role with in-line policy and we do not have a cross account set up.
! Datadog is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxxxxxxxx:role/DatadogAWSIntegrationRole. See http://docs.datadoghq.com/integrations/aws/
Trust Relationship:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "xxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
}
]
}
Can anyone please guide me how to solve this error?
Upvotes: 2
Views: 4332
Answers (1)
mhumesf
Reputation: 451
The role arn:aws:iam::xxxxxxxxxx:role/DatadogAWSIntegrationRole also has to have permission to assume the role on the other account.
You'll have to update the DatadogAWSIntegrationRole on the primary account to include:
{
"Version": "2012-10-17",
"Statement": [
...
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::xxxxxxxxxxxx:role/AssumedRoleForDataDogInOtherAccount"
}
]
}
Upvotes: 5
Related Questions
- How to sync multiple S3 buckets using multiple AWS accounts?
- AWS Datadog integration issue
- Creating multiple sub accounts in IAM AWS
- Why can't create principal on aws iam for datadog?
- Running a single python script across multiple AWS Account
- AWS Multi-account deployment
- AWS multi account
- One IAM Role across multiple AWS accounts
- AWS: how to manage authentication for multiple accounts
- Managing multiple AWS accounts on the same computer