Running a boto3 script on multiple accounts all in different regions
Question
I am using an IAM user account to run a boto3 script against multiple aws accounts they are all in different regions. The default region for my IAM user in ~/.aws/config is us-east-1.. My script only works for the accounts in us-east-1 region but does not return anything for other regions. How do I get it to run cross regions?
1 answers
solution1
0 2020-04-08 06:01:02
IAM credentials are associated with a single AWS Account . If you wish to make API calls to another account, the program will either need credentials from that account, or it will need the ability to assume a role in the other account . That role would need to trust the IAM User/Role that are being used to call AssumeRole() .
(Some services, such as Amazon S3 and Amazon SQS, have additional access policies that can allow cross-account access without assuming a role.)
To connect to a specific region , specify the region when creating the client:
ec2_client_sydney = boto3.client('ec2', region_name='ap-southeast-2')
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.