0
votes

We have 2 AWS accounts. Now we are trying to migrate our prod environment resources to another AWS account. We've set up a pipeline in account A which will deploy resources in account B. Our AWS infra stack is already available in account B, and while running the below cmd from account A we're getting the below error:

cmd:- aws cloudformation describe-stacks --stack-name prod-gateway

Error:- An error occurred (ValidationError) when calling the DescribeStacks operation: Stack with id prod-gateway does not exist

which is a valid error because we're trying to fetch the account B stack info from account A and the stack does not exist in acc A.

So the question is: can I describe the stack info of account B from account A? Is there any cross-account cmd to achieve this?

1 Answer

0
votes

So the question is: can I describe the stack info of account B from account A? Is there any cross-account cmd to achieve this?

For that you use cross-account roles, which you have to set up. In a nutshell:

  • in accB you create a role which allows describing its stacks. The trust relationship of the role allows accA to assume the role.
  • in accA you use assume-role to assume the role from accB. This will give you new temporary AWS credentials. The IAM role/user in accB must have permissions to assume the role.
  • in accA, using the temporary credentials, you can execute your aws cloudformation describe-stacks against accB.
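
The three steps above as a shell sketch (an added example, not part of the original answer). The account IDs, role name, session name and the stack-scoped resource ARN are placeholder assumptions; the temporary credentials are kept inside a subshell so they never replace the pipeline's own account A credentials.

```shell
#!/bin/sh
# Added example: all account IDs, role and session names are placeholders.

# Trust policy for the role created in account B: lets account A assume it.
# ":root" delegates to account A's IAM, so the calling identity in account A
# also needs an IAM policy allowing sts:AssumeRole on this role's ARN.
trust_policy() {   # $1 = account A id
  cat <<EOF
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::$1:root"},
   "Action": "sts:AssumeRole"}]}
EOF
}

# Permissions policy for that role: read-only and limited to one stack.
permissions_policy() {   # $1 = region, $2 = account B id, $3 = stack name
  cat <<EOF
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
   "Action": "cloudformation:DescribeStacks",
   "Resource": "arn:aws:cloudformation:$1:$2:stack/$3/*"}]}
EOF
}

# Run from account A: assume the role in account B, then describe the stack.
describe_remote_stack() {   # $1 = role ARN in account B, $2 = stack name
  role_arn="$1"; stack_name="$2"
  (   # subshell: temporary credentials vanish when it exits
    set -f   # no globbing while splitting the credential fields
    creds=$(aws sts assume-role \
      --role-arn "$role_arn" \
      --role-session-name "pipeline-describe-stacks" \
      --duration-seconds 900 \
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
      --output text) || exit 1
    set -- $creds   # tab-separated: key id, secret key, session token
    [ "$#" -eq 3 ] || { echo "unexpected assume-role output" >&2; exit 1; }
    export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
    aws cloudformation describe-stacks --stack-name "$stack_name"
  )
}

# Stand-alone use: ./script.sh <role-arn-in-account-B> <stack-name>
if [ "$#" -ge 2 ]; then describe_remote_stack "$1" "$2"; fi
```

Write the two policy documents to files and attach them when creating the role in account B; the pipeline in account A then only needs the role ARN and the stack name.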