# general
l
Pinging again this question from @Havard Noren that was asked here but didn’t get any answer 👇
p
I guess you need to break this into smaller chunks and build the solution. Just an initial thought that you need to use STS and IAM role chaining (trust, cross-account).
h
Thanks for the response and thanks for bumping the question. In the meantime I’ve gotten some input from other sources: the situation where the tool ends up having full access is basically the same situation as for multi-account pipelines, which seems fine as long as you lock down access (no user access to the account where the pipelines are running and only interaction through code commit or similar tools).
a
@Havard Noren if I understand the question correctly then you need an AWS cross-account role. Here is the link to the documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html We use to create a specific role with specific permissions to access client accounts and manage things.
h
Thanks for the input! That’s the path I’m currently heading for 👍