In the current CSAP course in the "Cross Account Access – Roles & Permissions" lecture, Ryan logs into the AWS console of the production account to set up a cross account access role with the account’s root credentials. Is using the root user account a requirement when setting up a cross account role? Or does a user with administrator access to the account have sufficient rights to create the role? As he is actually creating a trust between two accounts, it seems logical that only a root account would have the rights to create such a role. It’s not clear in the lecture if having root credentials is a requirement. Thanks in advance.
If I understand what you’re referring to, you don’t have to use the root account…just an IAM user with account admin access. There are very few things that require you to use a root account and I expect this to decrease even more. AWS discourages use of root for much of anything.
This might help you too: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
Good luck on the exam!