Was trying to start a session[terminal] via ssm on an instance in another account. using command
aws ssm start-session --target i-yyyaf4692d801d1xx --region ap-south-1
but it was failing with response as "Target is not connected".
END Goal: I wish to use users created in Account A to be able to start sessions on instances on Account B. both part of the same organisation.
Also,
[update 9th Jan 2023] Thanks for the responses, its clear that IAM Role[with assume role sts] suffices the request conditions. But i was looking for some seamless method, where we dont need to generate temporary credentials and use them for access each time.
May be a script to do this task or something would do. As IAM Principal: Users need to generate temp creds manually which is not the case with IAM Roles
You need to delegate access between the accounts. You can do this by creating a role in the target account which is allowed to assumed by users in the other account.
Setup the access:
Use the access:
See: cross-account IAM access for more details.