I have two accounts ( sandbox and pipeline)
On Sandbox account, Go IAM -> Roles -> Create ROle-> Select Another AWS acccount as shown below
Put Pipeline account number
Click Permissions -> Select any policy /custom policy -> Put Role name ->Create Role
Below policy will auto created
{
“Version”: “2012–10–17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“AWS”: “arn:aws:iam::accountnumber of pipeline :root”
},
“Action”: “sts:AssumeRole”,
“Condition”: {}
}
]
}
Now on pipeline account
Create a policy like this
{
“Version”: “2012–10–17”,
“Statement”: [
{
“Sid”: “VisualEditor0”,
“Effect”: “Allow”,
“Action”: “sts:AssumeRole”,
“Resource”: “arn:aws:iam::account number of sandbox:role/Build_Infrastructure_Terraform_Role”
}
]
}
Create a role and assign that policy to this role
Attach this role to the EC2 instance
Now run the below command. NOTE if AWS CLI is preconfigured then first delete those and run it.
aws sts assume-role — role-arn “arn:aws:iam::accountnumber of sandbox:role/Build_Infrastructure_Terraform_Role” — role-session-name “EC2FromB”