AWS Cross-Account Delegation Access: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 11: Line 11:


=Overview=
=Overview=
Cross-account delegation access mechanism allows a user that does not have direct access to an [[Amazon_AWS_Security_Concepts#AWS_Account|AWS account]] (no [[Amazon_AWS_Security_Concepts#IAM_User|IAM user]], and no [[Amazon_AWS_Security_Concepts#API_Access_Keys|API access key]]) to perform [[Amazon_AWS_Concepts#API|API calls]] against resources in the account. Normally, all API calls against the resources of an account are [[Amazon_AWS_Concepts#Signing_API_Calls|signed]] with the API access key issued for an IAM user under that account. Cross-account delegation access mechanism leverages [[Amazon_AWS_Security_Concepts#Temporary_Security_Credentials|temporary AWS security credentials]].

Revision as of 02:22, 26 November 2019

External

Internal

Overview

Cross-account delegation access mechanism allows a user that does not have direct access to an AWS account (no IAM user, and no API access key) to perform API calls against resources in the account. Normally, all API calls against the resources of an account are signed with the API access key issued for an IAM user under that account. Cross-account delegation access mechanism leverages temporary AWS security credentials.