So here is what I'm trying to do. I have 2 accounts - we'll call them "prod" and "dev". I use Route 53 in the prod account, and that account holds a few domains. Right now I create an IAM role and apply that to an AWS instance in the prod account so that the instance can query the metadata API to grab its keys to access and edit its own AWS account (for example, using the AWS CLI tools).
Now - I have created a "dev" account. I have an AWS instance in the dev account, and I've given it an IAM role so that, just like in prod, the AWS CLI tools on the box can access AWS resources. I would now like this instance in the dev account to have access to the Route 53 zone in the prod account.
I've tried going through this: http://ift.tt/1zC2JOW
But it seems like that is mainly for users to assume another role to get an access key for that function.
So how can I set up cross-account access to AWS resources when the "users" are just instances and they are getting their keys from the metadata API?