By using AWS re:Post, you agree to the AWS re:Post Terms of Use

AWS Organizations - Restrict access of parent account in the child account

0

I have two AWS accounts. To take advantage of the unused Reserved Instances in account A (main), I would need to invite account B into its Organization. Is it possible to make it so that accounts remain fully independant except for Billing and Reservations? I don't want account A to have any access/control over account B.

asked 2 years ago416 views
1 Answer
1

You could use add B to the orgnaization and then apply consildated billing to access the instances from B.

You could also create a resource share, which allows you to (as the name suggests), share resources To share resources that you own, create a resource share. When you create a resource share, you do the following:

Add the resources that you want to share.

For each resource type that you include in the share, specify the permission to use for that resource type.

If only the default permission is available for a resource type, then AWS RAM automatically associates that permission with the resource type and there is no action for you.

If more than the default AWS RAM managed permission is available for a resource type, then you must choose the permission to associate with that resource type.

Here is a link that could provide you of assistance https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions