markhorrocks

Reputation: 1528

How can I allow an AWS cross account user to create and keep an RDS snapshot?

My business partner has created an Amazon AWS RDS instance in his account. In the event that he is incapacitated, how can I access the RDS instance and take and use a snapshot without having his admin credentials?

I see a way to share a manually created snapshot but that's not what I want. I need at any time to be able to create and extract a snapshot without permission barriers. Can this be handled by IAM?

Upvotes: 0

Views: 568

Answers (1)

John Rotenstein

Reputation: 269881

You will need one of:

  • An IAM User in their account that has permissions to create and extract the snapshot. When necessary, you would log in to his user and access the data. OR
  • An IAM Role in their account with the necessary RDS permissions, with a Trust Policy that allows your IAM User in your Account to assume that role, so that you can then create and extract the snapshot.

Either way, they are granting you permissions to perform those steps. They should limit the permissions granted so that you can't accidentally or intentionally do damage (e.g., delete the database).

Upvotes: 1
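
The IAM Role option from the answer above, as an added example that is not part of the original answer: it builds the role's trust policy and a permissions policy limited to snapshot work, then checks that no delete action is granted. The account IDs, user name, instance name, snapshot prefix and the chosen set of RDS actions are assumptions made for illustration.

```python
import fnmatch
import json

# Constructed placeholder values (assumptions, not from the original post).
OWNER_ACCOUNT = "111111111111"   # partner's account, which owns the RDS instance
TRUSTED_USER_ARN = "arn:aws:iam::222222222222:user/backup-operator"
REGION = "us-east-1"
DB_INSTANCE_ID = "example-db"
SNAPSHOT_PREFIX = "partner-"     # hypothetical naming rule for snapshots


def trust_policy(user_arn):
    """Trust policy for the role: only the named external IAM user may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": user_arn},
        "Action": "sts:AssumeRole",
    }]}


def snapshot_policy(account, region, db_id, prefix):
    """Permissions policy: create, list and share manual snapshots, nothing else."""
    base = f"arn:aws:rds:{region}:{account}"
    snaps = f"{base}:snapshot:{prefix}*"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "Create", "Effect": "Allow",
         "Action": "rds:CreateDBSnapshot",
         "Resource": [f"{base}:db:{db_id}", snaps]},
        {"Sid": "Share", "Effect": "Allow",
         "Action": "rds:ModifyDBSnapshotAttribute",
         "Resource": snaps},
        {"Sid": "Read", "Effect": "Allow",
         "Action": ["rds:DescribeDBInstances", "rds:DescribeDBSnapshots"],
         "Resource": "*"},
    ]}


def granted(policy, action):
    """True if an Allow statement's Action pattern matches (resources ignored)."""
    for stmt in policy["Statement"]:
        acts = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if stmt["Effect"] == "Allow" and any(
                fnmatch.fnmatchcase(action.lower(), a.lower()) for a in acts):
            return True
    return False


if __name__ == "__main__":
    for doc in (trust_policy(TRUSTED_USER_ARN),
                snapshot_policy(OWNER_ACCOUNT, REGION, DB_INSTANCE_ID, SNAPSHOT_PREFIX)):
        print(json.dumps(doc, indent=2))
```

The account owner attaches both documents to a role in their account; after assuming it, you can create a snapshot and share it with your own account to copy it out. A snapshot encrypted with the default AWS-managed RDS key cannot be shared across accounts, so an encrypted instance needs a customer-managed KMS key that is also shared with your account.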
