Modifying the AWS cross-account setup
You can modify the cross-account setup later by adding or removing AWS accounts.
Procedure
- To add a trusting account, follow these steps:
  - Follow the steps in the procedure for configuring a trusting account (t_Qapps_CSA_configure_trusting_AWS_account.html#task_xdl_1kd_fhb).
  - Modify the JSON in step 2b of the procedure for configuring a trusted account (t_Qapps_CSA_configure_trusted_AWS_account.html#task_ety_k32_fhb). For example, if you want to add a trusting account with an ID called Trusting_Account_3_ID, then modify the JSON in the example of 2b as follows:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "arn:aws:iam::Trusted_Account_ID:role/CVAppAssumeRole"
        },
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "arn:aws:iam::Trusting_Account_1_ID:role/CVAppAssumeRole"
        },
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "arn:aws:iam::Trusting_Account_2_ID:role/CVAppAssumeRole"
        },
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "arn:aws:iam::Trusting_Account_3_ID:role/CVAppAssumeRole"
        }
      ]
    }
- To remove a trusting account, follow these steps:
  - Delete the CVAppAssumeRole and CVAPIAccessPolicy that you created in the procedure for configuring a trusting account.
  - Modify the JSON in step 2b of configuring a trusted account. For example, if you want to delete the trusting account with an ID called Trusting_Account_2_ID, then modify the JSON in the example of 2b as follows:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "arn:aws:iam::Trusted_Account_ID:role/CVAppAssumeRole"
        },
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "arn:aws:iam::Trusting_Account_1_ID:role/CVAppAssumeRole"
        }
      ]
    }
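
The add and remove edits to the step 2b policy, as an added example that is not part of the original page or the product's own code: Python functions that change the statement list and then confirm the policy only allows sts:AssumeRole on CVAppAssumeRole in the expected accounts. The function names are hypothetical and the 12-digit account IDs are constructed placeholders.

```python
import copy
import re

ROLE = "CVAppAssumeRole"  # role name from the page's policy
ARN_RE = re.compile(r"arn:aws:iam::(\d{12}):role/" + ROLE)


def statement(account_id):
    return {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Resource": f"arn:aws:iam::{account_id}:role/{ROLE}"}


# Constructed sample: trusted account plus two trusting accounts (placeholder IDs).
SAMPLE_POLICY = {"Version": "2012-10-17",
                 "Statement": [statement(a) for a in
                               ("111111111111", "222222222222", "333333333333")]}


def assumable_accounts(policy):
    """List the account IDs the policy can assume into; reject anything else."""
    accounts = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRole":
            raise ValueError(f"unexpected statement: {stmt}")
        res = stmt.get("Resource")
        for arn in ([res] if isinstance(res, str) else res or []):
            match = ARN_RE.fullmatch(arn)
            if not match:  # wildcard, different role, or malformed account ID
                raise ValueError(f"unexpected resource: {arn}")
            accounts.append(match.group(1))
    return accounts


def add_trusting_account(policy, account_id):
    """Return a copy with a statement for account_id, without duplicating one."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account IDs are 12 digits")
    updated = copy.deepcopy(policy)
    if account_id not in assumable_accounts(updated):
        updated["Statement"].append(statement(account_id))
    return updated


def remove_trusting_account(policy, account_id):
    """Return a copy without account_id, and verify it is no longer reachable."""
    assumable_accounts(policy)  # validate the input before editing it
    target = statement(account_id)["Resource"]
    updated = copy.deepcopy(policy)
    updated["Statement"] = [s for s in updated["Statement"] if s["Resource"] != target]
    if account_id in assumable_accounts(updated):
        raise RuntimeError(f"{account_id} is still reachable after removal")
    return updated
```

Running `assumable_accounts` on the policy currently attached in the trusted account, before and after an edit, shows whether a removed trusting account is still listed or a wildcard resource has crept in.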