In a scenario where you want to allow third party to access your AWS account, we can use Assume Role to facilitate the access.
Step 1. Create Role
Login to your AWS account. Create Role – under IAM > Roles
Defined Trusted Entity. Input the 3rd party AWS account number. Always require MFA for security best practise.
Select Permission Policy. AdministratorAccess will grant full access to the 3rd party. Use it with caution.
Assign a name and description of the policy, review and then create the Role.
Viola. You can copy the “Link to switch roles in console” to the third party.
Step 2. Third Party Access
First, Third Party login to their own AWS account and open the switch role link from the previous step. The Account and Role field will be pre-populated. Give it a name, so you can easily remember what this is for.
AWS Console keeps track of roles you have been used in the Role history menu.
