AWS Organizations CLI

Many AWS customers use AWS Organizations to organize and secure their workloads. In many cases, users log in to their master account and configure permissions that allow them to switch to member accounts in the Console. The same permissions can be used with the AWS CLI.

In the example below, a single AWS access key has to be generated (and rotated) in the master account, and it can be used to switch to the test/2222222 and production/3333333 accounts using the CrossAccountAccessRole already configured for switching in the Console.

[master]
aws_access_key_id     = AKIZZZZZZZZZZZZ
aws_secret_access_key = a78594065069565

[test]
role_arn = arn:aws:iam::2222222:role/CrossAccountAccessRole
source_profile = master

[production]
role_arn = arn:aws:iam::3333333:role/CrossAccountAccessRole
source_profile = master
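
A small audit of the profile layout above, as an added example rather than code from the original post: it lists the profiles that store a long-lived key and follows each source_profile link back to the key holder, failing on a missing profile or a loop. The function names and the embedded sample text are constructed for illustration, and the check assumes a profile containing aws_access_key_id ends the chain.

```python
import configparser

# Constructed sample mirroring the profiles above (placeholder key values).
SAMPLE = """
[master]
aws_access_key_id     = AKIZZZZZZZZZZZZ
aws_secret_access_key = a78594065069565
[test]
role_arn = arn:aws:iam::2222222:role/CrossAccountAccessRole
source_profile = master
[production]
role_arn = arn:aws:iam::3333333:role/CrossAccountAccessRole
source_profile = master
"""

def load_profiles(text):
    """Parse credentials-file text into {profile: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}

def resolve_chain(profiles, name):
    """Return the profiles visited from `name` to the one holding static keys."""
    chain = []
    while True:
        if name in chain:
            raise ValueError(f"source_profile loop: {' -> '.join(chain + [name])}")
        if name not in profiles:
            raise ValueError(f"profile '{name}' is not defined")
        chain.append(name)
        p = profiles[name]
        if "aws_access_key_id" in p:      # assumption: static keys end the chain
            return chain
        if "source_profile" not in p:
            raise ValueError(f"profile '{name}' has neither keys nor source_profile")
        name = p["source_profile"]

def key_holders(profiles):
    """Profiles that store a long-lived access key (each one needs rotation)."""
    return sorted(n for n, p in profiles.items() if "aws_access_key_id" in p)

if __name__ == "__main__":
    profiles = load_profiles(SAMPLE)
    print("long-lived keys in:", key_holders(profiles))
    for n in profiles:
        print(n, "->", resolve_chain(profiles, n))
```

A result with more than one key holder means more than one access key to rotate, which is what the single-key layout is meant to avoid.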