According to the documentation (Granting permissions to multiple accounts with added conditions), it is possible, with the entry:
"Principal": {"AWS": ["arn:aws:iam::111122223333:root","arn:aws:iam::444455556666:root"]}
to grant access to all the users inside this account. But unfortunately it is not working. When putting single users there, the access for that user from the other account works. But with the root option it does not work.
CodePudding user response:
But with the root option it does not work.
This is because the admins of these accounts also have to add permissions to IAM users/roles to access the bucket. In other words, adding arn:aws:iam::111122223333:root to a bucket policy is not enough. The individual IAM users or roles from 111122223333 also need IAM permissions to access the bucket.
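A simplified model of that evaluation, added here as example code rather than anything from the original thread (the bucket name, the user ARN and the identity policy are constructed): cross-account access is granted only when the bucket policy trusts the caller's account and the caller's own identity policy also allows the action.

```python
"""Simplified model of cross-account S3 authorization: the bucket policy AND
the caller's identity policy must both allow the request.  Constructed
example; it ignores Deny statements, conditions, SCPs and permission
boundaries that the real evaluation also applies."""
import fnmatch

BUCKET = "example-bucket"  # constructed placeholder bucket name

# Bucket policy in the bucket-owning account, trusting two account roots.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam::111122223333:root",
                              "arn:aws:iam::444455556666:root"]},
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    }],
}

# Identity policy the admin of account 111122223333 must attach to each
# user or role that should actually reach the bucket (constructed example).
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    }],
}

def _allows(policy, action, resource, principal_arn=None):
    """True if any Allow statement matches action and resource; when a
    principal is given, the statement must also trust that ARN or its
    account root (the ':root' principal delegates to the whole account)."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if principal_arn is not None:
            trusted = st["Principal"]["AWS"]
            trusted = [trusted] if isinstance(trusted, str) else trusted
            account_root = f"arn:aws:iam::{principal_arn.split(':')[4]}:root"
            if principal_arn not in trusted and account_root not in trusted:
                continue
        if any(fnmatch.fnmatch(action, a) for a in st["Action"]) and \
           any(fnmatch.fnmatch(resource, r) for r in st["Resource"]):
            return True
    return False

def cross_account_allowed(principal_arn, action, resource, identity_policy):
    """Bucket policy must trust the caller's account or ARN, and the caller's
    own identity policy (None = nothing attached) must grant the action."""
    return _allows(BUCKET_POLICY, action, resource, principal_arn) and \
        identity_policy is not None and _allows(identity_policy, action, resource)
```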
CodePudding user response:
No, I don't think what you are saying is correct. The docs state that with that root configuration all users are inherited.
So with that I would guess that this entry is enough to grant access for all respective users within that account.
What are we missing here?