run terraform from another aws account

Question

is it possible to launch terraform from a different account in aws? so terraform server in aws acc 123456 and target server where aws ec2 should be provisioned using terraform (aws acc 123456) in another aws acc 456789. my role of my target aws acc is assumed on my terraform account (aws acc 123456)

when executing terraform plan i get the bellow error:

Error configuring Terraform AWS provider" IAM Role (arn:aws:iam:456789:role/xxxxxxx) cannot be assumed

The credentials used in order to assume the role are invalid
The credentials do not have appropriate permission to assume role
The role ARN is not valid

Can some please help me

Marcin Marcin · Accepted Answer · 2020-08-17T23:13:36

Do to lack of any details in your question, I can only speculate that the reason (its a common reason) is that the IAM user which terraform normally uses has no permissions to assume the role in question:

The credentials do not have appropriate permission to assume role

Usually, for a role to be assumed, an IAM user has to execute sts:AssumeRole action. Therefore, the user needs to have permissions to do so.

run terraform from another aws account

1 Answers