Home > Software engineering >  AWS Lambda - Access resources (EC2) in another AWS account
AWS Lambda - Access resources (EC2) in another AWS account

Time:11-12

I have an AWS Lambda which is querying EC2 instances in my account, I'll call it account A and its working fine, I can see its finding my servers. I also want the lambda to query EC2 instances in another AWS account at the same time, I'll call that account B - is that possible?

I've got the following policy to allow the lambda to assume the role in account B but it only queried the same servers - all in account A - I'm just wondering if I am missing something?

Here is my policy which I've attached to the lambda role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Assume Role",
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::AccountB:role/MyRoleNameInAccountB"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    }
  ]
}

Thanks

CodePudding user response:

For the Lambda to be able to assume a role in a AccountB, the role in AccountB has to have a trust policy which needs to allow the Lambda to assume the role.

Also, the role in AccountB has to have the policy which allows the Lambda to describe EC2 instances. AccountB should be the entity which allows actions inside itself, not the other way around, for obvious security reasons.

Recommend checking out this AWS support page.

Page link:https//www.codepudding.com/Softwareengineering/188696.html

Prev:Call Lambda using CustomResource
Next:Why terminated instance is still showing in GlobalVIew?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding