Archive for the ‘AWS’ Category

Allowing AWS console access from another AWS account

Tuesday, October 25th, 2022

When you want to allow a third party to access your AWS account, you can use Assume Role to facilitate the access.

Step 1. Create Role

Log in to your AWS account. Create a role under IAM > Roles.

Define the Trusted Entity. Enter the third party's AWS account number. Always require MFA as a security best practice.

Select Permission Policy. AdministratorAccess will grant full access to the 3rd party. Use it with caution.

Assign a name and description to the role, review it, and then create the role.

Voilà. You can copy the “Link to switch roles in console” and send it to the third party.


Step 2. Third Party Access

First, the third party logs in to their own AWS account and opens the switch role link from the previous step. The Account and Role fields will be pre-populated. Give it a name, so you can easily remember what this is for.

The AWS Console keeps track of the roles you have used in the Role history menu.
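
The console steps in Step 1 can also be scripted with the AWS CLI. This is an added example, not part of the original post: the account IDs, the role name ThirdPartyAccess, the function names and the use of ReadOnlyAccess in place of AdministratorAccess are assumptions.

```shell
# Constructed placeholders: account IDs and role name are not from the post.

# Print a trust policy that lets the third party's account assume the role,
# but only from sessions that were authenticated with MFA.
trust_policy() {
  # AWS account IDs are exactly 12 digits; reject anything else before it
  # is interpolated into a policy document.
  case "$1" in
    ""|*[!0-9]*) echo "invalid account id: $1" >&2; return 1 ;;
  esac
  [ "${#1}" -eq 12 ] || { echo "invalid account id: $1" >&2; return 1; }
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::${1}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
  }]
}
EOF
}

# Build the "Link to switch roles in console": $1 = your account, $2 = role.
switch_role_link() {
  printf 'https://signin.aws.amazon.com/switchrole?roleName=%s&account=%s\n' "$2" "$1"
}

# Create the role in your own account: $1 = your account, $2 = third party's
# account, $3 = role name. ReadOnlyAccess is this example's substitute for
# AdministratorAccess; attach the narrowest policy that covers the job.
create_cross_account_role() {
  policy="$(trust_policy "$2")" || return 1
  aws iam create-role --role-name "$3" \
    --description "Console access for account $2" \
    --max-session-duration 3600 \
    --assume-role-policy-document "$policy" || return 1
  aws iam attach-role-policy --role-name "$3" \
    --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess || return 1
  switch_role_link "$1" "$3"
}

# Offline preview (no AWS calls): print what would be sent to IAM.
trust_policy 111122223333
switch_role_link 444455556666 ThirdPartyAccess
```

Trusting the account's root principal delegates the decision to the third party's own IAM policies: only their users or roles that are allowed sts:AssumeRole on this role can switch into it.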

Useful S3 CLI commands

Wednesday, September 14th, 2022

Create Bucket

aws s3api create-bucket --acl public-read \
--bucket bucket-20220914-s3-6 \
--region ap-east-1  \
--create-bucket-configuration LocationConstraint=ap-east-1

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/create-bucket.html

Remarks – how to enable versioning, encryption

Delete Bucket

aws s3 rb s3://bucket-20220914-s3-6 --force

Prepare S3 bucket to serve Website

aws s3 website \
s3://bucket-20220914-s3-6 \
--index-document index.html 

Accessing AWS Member Account

Wednesday, December 22nd, 2021
  1. Open the AWS Management Console using IAM user credentials.
  2. Choose your account name at the top of the page, and then select Switch Role.
    Important: If you are signed in with root user credentials, you can’t switch roles. You must be signed in as an IAM user or role. For more information, see Switching to a role (AWS Management Console).
  3. Enter the account number for the member account.
  4. Enter role name: OrganizationAccountAccessRole
  5. (Optional) You can also enter a custom display name (maximum 64 characters) and a display color for the member account.
  6. Choose Switch Role.