Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. To achieve this, you can either log into the AWS Management Console, switch to the AWS region were you want to create the stack, and then click on this partially pre-configured Image Removed URL

    Image Added

    URL, or you can create a stack manually via one of the following approaches:

    For the manual approach, when asked to "Specify an Amazon S3 template URL" on the console, please reference the URL of our cross-account-access.yaml template.


    For all approaches, please ignore the optional 'External ID' parameter, which is only required for advanced usage scenarios at scale (read more, if you are curious).

  2. Supply the following parameters:

    1. Stack name (rename as you see fit): cross-account-access-utoolity

    2. ID of trusted partner account (ask): <our collaboration account>

    3. (Optional) External ID (ignore):

    4. Grant cost audit permissions (review): true

    5. Grant security audit permissions (review): true

    6. Managed IAM policy ARNs (review): arn:aws:iam::aws:policy/job-function/ViewOnlyAccess

    7. Require MFA (keep): true

  3. Finally you'll also need to acknowledge that the template creates IAM resources.

  4. The stack creates an output 'CrossAccountRoleArn' - please report this back to Utoolity so that we can assume the provisioned role to gain access to your AWS account based on the selected policy (i.e. likely ViewOnlyAccess right now, to be adjusted as we go).