1 Answer
You will not be able to directly assume a role in a different account than in the parent account. You need to delegate the role assumption: basically, assume a role in the parent account and get credentials on the IoT device. Use these credentials to assume a new role in the sandbox account. Use the new credentials to call the AWS service in the sandbox account. The steps are outlined here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_aws-accounts.html
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
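The delegation chain described in the answer above, as an added example that is not part of the original answer: the two policies that wire the parent-account role to the sandbox-account role, and the second `AssumeRole` hop made with the credentials the device already holds. The account IDs and role names are constructed placeholders, and the call itself assumes boto3 is installed and the device has temporary credentials for the parent role.

```python
import json

# Constructed placeholders, not values from the question.
PARENT_ACCOUNT, SANDBOX_ACCOUNT = "111111111111", "222222222222"
PARENT_ROLE, SANDBOX_ROLE = "iot-device-role", "sandbox-access-role"  # hypothetical names


def role_arn(account: str, role: str) -> str:
    return f"arn:aws:iam::{account}:role/{role}"


def sandbox_trust_policy() -> dict:
    """Trust policy on the sandbox role: only the parent-account role may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": role_arn(PARENT_ACCOUNT, PARENT_ROLE)},
        "Action": "sts:AssumeRole"}]}


def parent_permission_policy() -> dict:
    """Identity policy on the parent role: may assume exactly one sandbox role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": role_arn(SANDBOX_ACCOUNT, SANDBOX_ROLE)}]}


def chain_is_wired(caller_arn: str, target_arn: str) -> bool:
    """Local sanity check: both halves of the delegation must name each other."""
    trust = sandbox_trust_policy()["Statement"][0]
    perm = parent_permission_policy()["Statement"][0]
    return trust["Principal"]["AWS"] == caller_arn and perm["Resource"] == target_arn


def assume_sandbox_role(access_key: str, secret_key: str, session_token: str) -> dict:
    """Second hop: exchange parent-role credentials for sandbox-role credentials."""
    import boto3  # imported here so the policy helpers work without boto3
    sts = boto3.client("sts", aws_access_key_id=access_key,
                       aws_secret_access_key=secret_key,
                       aws_session_token=session_token)
    resp = sts.assume_role(RoleArn=role_arn(SANDBOX_ACCOUNT, SANDBOX_ROLE),
                           RoleSessionName="iot-device-session",
                           DurationSeconds=3600)  # chained sessions are capped at 1 hour
    return resp["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken, Expiration


if __name__ == "__main__":
    print(json.dumps(sandbox_trust_policy(), indent=2))
    print(json.dumps(parent_permission_policy(), indent=2))
```

Scoping the permission policy's `Resource` to a single role ARN, rather than `*`, keeps a compromised device from assuming any other role that happens to trust the parent account.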