0 votes

I'm new to AWS and facing a problem with an IAM role. I'm doing a cross-account role. Say in Account X I created a role for Account Y to give it permission to read from Kinesis Streams.

I want to connect from Account Y to fetch streams from Account X locally using the Java SDK (I'm not launching an EC2 instance in Account Y). So is there any way to do that?

I understand that if I run the application on an EC2 instance in Account Y, I will be able to fetch it, but I don't want to fetch it by using EC2.

The AWS docs mention, in
https://docs.aws.amazon.com/cli/latest/topic/config-vars.html:

    # In ~/.aws/credentials:
    [development]
    aws_access_key_id=foo
    aws_secret_access_key=bar

    # In ~/.aws/config
    [profile crossaccount]
    role_arn=arn:aws:iam:...
    source_profile=development

Is it related to that? Here I think crossaccount is the role created in Account X to give access to Account Y.

Which AWS API should I call to fetch the streams?

Thanks in advance.


1 Answer

0 votes

Cross-account access in AWS has a specific protocol you'll need to follow. As you created an IAM role in Account X which has been given access to resources in Account Y, Account Y will also need to grant that role permission to perform sts:AssumeRole.

Once this part of the setup is complete you should be good to go. Read more about it here.

To use the AWS SDK for Java, create a service object for the STS service and perform an AssumeRole invocation. If you supply this with the right credentials, the result will be a valid set of credentials that have access to Account Y's resources.

Read more about using AssumeRole in Java here.
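The STS-then-Kinesis flow described in the answer, written out as an added example (this is not code from the question or the answer). It uses AWS SDK for Java v2 and assumes a local profile named `development` holding the caller's long-lived keys, a role ARN `arn:aws:iam::111111111111:role/KinesisReadOnlyForAccountY` in the account that owns the stream, and the `us-east-1` region; all three are placeholders. It also assumes the role's trust policy already allows the caller to assume it, which is the setup step the answer refers to.

```java
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.kinesis.KinesisClient;
import software.amazon.awssdk.services.kinesis.model.GetRecordsRequest;
import software.amazon.awssdk.services.kinesis.model.GetRecordsResponse;
import software.amazon.awssdk.services.kinesis.model.GetShardIteratorRequest;
import software.amazon.awssdk.services.kinesis.model.ListStreamsResponse;
import software.amazon.awssdk.services.kinesis.model.Record;
import software.amazon.awssdk.services.kinesis.model.ShardIteratorType;
import software.amazon.awssdk.services.sts.StsClient;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;
import software.amazon.awssdk.services.sts.model.Credentials;

public class CrossAccountKinesisReader {

    // Placeholder values (assumptions for this example): the role in the
    // stream-owning account, the local profile with long-lived keys, the region.
    private static final String ROLE_ARN =
            "arn:aws:iam::111111111111:role/KinesisReadOnlyForAccountY";
    private static final String SOURCE_PROFILE = "development";
    private static final Region REGION = Region.US_EAST_1;

    public static void main(String[] args) {
        // 1. Call STS using the source profile's long-lived credentials.
        try (StsClient sts = StsClient.builder()
                .region(REGION)
                .credentialsProvider(ProfileCredentialsProvider.create(SOURCE_PROFILE))
                .build()) {

            Credentials temp = sts.assumeRole(AssumeRoleRequest.builder()
                    .roleArn(ROLE_ARN)
                    .roleSessionName("local-kinesis-reader")  // shows up in CloudTrail
                    .durationSeconds(900)  // minimum allowed; keep the session short
                    .build()).credentials();

            // 2. Wrap the temporary (session) credentials for the Kinesis client.
            AwsSessionCredentials session = AwsSessionCredentials.create(
                    temp.accessKeyId(), temp.secretAccessKey(), temp.sessionToken());

            try (KinesisClient kinesis = KinesisClient.builder()
                    .region(REGION)
                    .credentialsProvider(StaticCredentialsProvider.create(session))
                    .build()) {

                // 3. List the streams the role may see and read the first shard of each.
                ListStreamsResponse streams = kinesis.listStreams();
                for (String streamName : streams.streamNames()) {
                    readRecords(kinesis, streamName);
                }
            }
        }
    }

    // Reads one batch of records from the first shard of the stream, starting
    // at the oldest retained record (TRIM_HORIZON).
    private static void readRecords(KinesisClient kinesis, String streamName) {
        String shardId = kinesis.describeStream(r -> r.streamName(streamName))
                .streamDescription().shards().get(0).shardId();

        String iterator = kinesis.getShardIterator(GetShardIteratorRequest.builder()
                .streamName(streamName)
                .shardId(shardId)
                .shardIteratorType(ShardIteratorType.TRIM_HORIZON)
                .build()).shardIterator();

        GetRecordsResponse batch = kinesis.getRecords(GetRecordsRequest.builder()
                .shardIterator(iterator)
                .limit(100)
                .build());

        for (Record rec : batch.records()) {
            System.out.printf("%s seq=%s data=%s%n",
                    streamName, rec.sequenceNumber(), rec.data().asUtf8String());
        }
    }
}
```

The explicit AssumeRole call makes the flow visible, but in practice the profile-based approach from the question does the same thing: with the `sts` module on the classpath, `ProfileCredentialsProvider.create("crossaccount")` reads `role_arn` and `source_profile` from `~/.aws/config`, assumes the role for you, and refreshes the temporary credentials before they expire, so the hand-built `StaticCredentialsProvider` above is only needed when you want to control the session yourself. Either way the long-lived keys in `~/.aws/credentials` belong to the calling identity, and that identity needs `sts:AssumeRole` on the role while the role's trust policy names that account; the stream permissions (`kinesis:ListStreams`, `kinesis:DescribeStream`, `kinesis:GetShardIterator`, `kinesis:GetRecords`) sit on the role, not on the caller.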