IAM role based on an existing set of credentials from another account

2018-06-21 08:28:16

I've received a set of credentials (access key and secret) that were generated for me to access a different AWS account's resources, in this case specific S3 buckets. Can I define an IAM role in my account, based on these keys? I would like not to embed the credentials directly on the machines in my account that will access those resources.

Just to clarify, I know that access can be given directly from the other account to a role in my account. However given that I already have the set of keys, I would like to set up my own roles without needing to ask for an admin operation in the other account every time I make a change.

Thanks

No, you can't do this.

IAM roles are not "based on" other credentials. They are primary entities, identities independent of any user or credential set.

Consider the documented description of a role, with a couple of highlights to illustrate the gaps:

An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have any credentials (password or access keys) associated with it . Instead, if a user is assigned to a role, access keys are created dynamically and provided to the user. (emphasis added)

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

链接地址: http://www.djcxy.com/p/59966.html

上一篇: 为具有1个权限的帐户发布Amazon AWS凭据

下一篇: IAM角色基于来自另一个帐户的现有证书集