We have multiple AWS accounts and one management account. We have one web application server in the management account. From this server we can create EC2 instances in multiple AWS accounts using a secret and access key. However, we would like to launch instances in other AWS accounts using an IAM role. Is it possible to launch instances in other AWS accounts using an IAM role (instead of using an access and secret key)?
CodePudding user response:
The typical setup would be:
- Create an IAM Role in each 'other' AWS Account
- Give it the same name in each account to keep things simple
- Grant it permission to launch an Amazon EC2 instance
- To launch an instance in an 'other' account:
  - Assume the IAM Role in the target account (the desired Account ID would be specified in the chosen IAM Role's ARN)
  - Use the returned temporary credentials to launch the EC2 instance