Newly created AWS member account is missing IAM role

I just created a new account in my organization and I provided a custom IAM role. The problem is that I can't find the role in IAM. I remember the name, and in any case there are few roles there, so I can check. I double-checked the IAM role name in CloudTrail, searched for it in IAM, and I still can't find it. Is there something I'm missing, or some workaround?

Background: According to the documentation:

How can I access an AWS account that was created in my organization?

As part of AWS account creation, AWS Organizations creates an IAM role with full administrative permissions in the new account. IAM users and IAM roles with appropriate permissions in the master account can assume this IAM role to gain access to the newly created account.

Update:

The steps of the link below also helped me understand the issue https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

As per the documentation, the role is created in the new account. You can assume the role from the master account through the STS service (AssumeRole), so this is the reason you cannot find the role in your account.

You first assumeRole and then you can do the administrative job for the new account. You can log in through this link with your role and account.

https://signin.aws.amazon.com/switchrole?roleName=<roleName>&account=<newAccountId>

Be aware that you should be logged in to your master account first. Replace <roleName> and the 12-digit <newAccountId> with yours.
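The same steps with the AWS CLI, as an added example that is not part of the original answer: it builds the role ARN in the member account, builds the switch-role link, and assumes the role to confirm it exists there. The function names, the session name and the usage values are illustrative assumptions; `verify_member_role` assumes the AWS CLI is installed and configured with master-account credentials that are allowed to call `sts:AssumeRole`.

```sh
# Added example. The role exists only in the NEW member account, so its ARN
# carries the member account ID, not the master account ID.

# Print the role ARN after validating both inputs.
# $1 = 12-digit member account ID, $2 = role name given at account creation.
member_role_arn() {
  case "$1" in ''|*[!0-9]*) echo "account ID must be 12 digits" >&2; return 1 ;; esac
  [ "${#1}" -eq 12 ] || { echo "account ID must be 12 digits" >&2; return 1; }
  # IAM role names: letters, digits and + = , . @ _ - (at most 64 characters).
  case "$2" in ''|*[!A-Za-z0-9+=,.@_-]*) echo "invalid IAM role name" >&2; return 1 ;; esac
  [ "${#2}" -le 64 ] || { echo "invalid IAM role name" >&2; return 1; }
  printf 'arn:aws:iam::%s:role/%s\n' "$1" "$2"
}

# Print the console switch-role link from the answer, percent-encoding the
# role-name characters that are not safe in a query string.
switch_role_url() {
  member_role_arn "$1" "$2" >/dev/null || return 1
  enc=$(printf '%s' "$2" | sed -e 's/+/%2B/g' -e 's/=/%3D/g' -e 's/,/%2C/g' -e 's/@/%40/g')
  printf 'https://signin.aws.amazon.com/switchrole?roleName=%s&account=%s\n' "$enc" "$1"
}

# Assume the role from the master account, then look the role up with the
# temporary credentials. The lookup succeeds because the call now runs inside
# the member account, which is where the role was created.
verify_member_role() {
  arn=$(member_role_arn "$1" "$2") || return 1
  role_name=$2
  creds=$(aws sts assume-role --role-arn "$arn" \
            --role-session-name verify-member-role \
            --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
            --output text) || return 1
  # Split the three whitespace-separated values into $1 $2 $3.
  set -- $creds
  # Credentials are scoped to this one command and not exported to the shell.
  AWS_ACCESS_KEY_ID=$1 AWS_SECRET_ACCESS_KEY=$2 AWS_SESSION_TOKEN=$3 \
    aws iam get-role --role-name "$role_name" --query 'Role.Arn' --output text
}

# Usage (constructed values):
#   switch_role_url 123456789012 MyCustomAdminRole
#   verify_member_role 123456789012 MyCustomAdminRole
```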
