I have two AWS accounts, Account A, Account B
On Account B
there is IAM Role
with trust relationship to account A
and S3FullAccess
policy
.
On Account A I have IAM user
configured with access key
and secret key
, this IAM user
has policy
with assume role
to the role created on Account B
.
Meaning, the user on Account A
has full access to S3
resources on Account B
.
When I configure the access and secret keys
on my local pc on ~/.aws/credentials
and configure the arn_role
of the role
created on account B
on ~/.aws/config
, I have access to all S3
resources on Account B
from AWS CLI
.
I am using Cyberduck
to create Presigned URLs
and I want to create the Presigned URLs
using the configuration I specified here.
I want to have access using the cross account role
on Cyberduck
, as I specified.
I this feature exists? alternate options are welcome.
It should be possible using the S3 (Credentials from AWS Security Token Service) profile from Connecting using AssumeRole from AWS Security Token Service (STS).