This can be divided into 3 parts:
Q1) For a piece of code running on an EC2 instance, the EC2 role supersedes the AWS config credentials, because the code could not access the S3 bucket and AWS Rekognition collections, but when I used aws configure on the instance and added the access and secret key, I could access the resources via the AWS CLI. But when I ran it through my code it gave an error which, when debugged, showed the AWS role ARN stating access denied.
Q2) I deployed an application on account 1111111 with AWS CodeStar. It requires the following resources: 1) AWS S3 2) AWS Rekognition
Now the scenario is that the bucket and the AWS Rekognition collection are on a different AWS account, 2222222.
AWS CodeStar automatically assigns a role to the EC2 instance, and if I remove it CodeStar breaks, so the role that has that account's CodeDeploy must be kept.
What can be done in this scenario? I know an S3 bucket can be given cross-account access, but what about Rekognition?
Can someone tell me exactly what IAM settings need to be applied on which accounts if someone wants to achieve this?
Thanks