
I want to view, list and modify the S3 bucket(s) and object(s) in the linked account for manipulation purposes, but I am not able to.

Description: I have a master account and three member accounts. I have logged in with the user 'Jagdish' to my master account and assumed an Admin role into different linked accounts in AWS. Now the situation is that I want to access the bucket and its resources present in the master account from one of my member accounts, '1', which I am not able to view or list at this point in time.

Things that didn't work:

  1. I have logged in to the AWS master account and modified its ACL policies to allow the member account ID full access.
  2. I have used the bucket policy on the master account bucket to allow access for the member account (please refer to the code in the section below).
  3. I have tried to create a cross-account role in the master account, and then an STS policy accessing the role from the master account, but in this case the problem is that I have to assign this role to a particular user in the member account rather than the root user. I want the permissions to be for the member root user.
  4. Used Service Control Policies (SCP) in the master account to give a full S3 access policy and assigned it to the member account, but it didn't work.

{
  "Version": "2012-10-17",
  "Id": "Policy15556916455366",
  "Statement": [
    {
      "Sid": "Stmt155562234628751",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<member account number>:root"
      },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::cdbucket-jagdish"
    }
  ]
}

I want my member account (when I switch from the master to the member account) in AWS Organizations to be able to view or list the bucket(s) from the master account, so that the bucket can be used for operations like reading or writing files to that bucket.

Jagdish0886
  • 153
  • 13

0 Answers
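Added example, not part of the question: a simplified evaluator for the bucket policy above, run once with the Resource set to the bucket ARN alone (as posted) and once with the bucket plus its objects, to show which of the list/read/write operations each form covers. It models only Principal/Action/Resource wildcard matching (no Condition, NotAction or NotResource), and the member account id is a placeholder.

```python
import fnmatch
import json

def _as_list(x):
    return x if isinstance(x, list) else [x]

def evaluate(policy, principal_arn, action, resource_arn):
    """Simplified resource-policy evaluation: "Allow", "Deny" or "ImplicitDeny".
    Models Principal/Action/Resource wildcards only; no Condition, NotAction, NotResource."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        prin = stmt["Principal"]
        principals = ["*"] if prin == "*" else _as_list(prin.get("AWS", []))
        if not any(fnmatch.fnmatchcase(principal_arn, p) for p in principals):
            continue  # statement does not name this principal
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"])):
            continue  # action names are case-insensitive
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
            continue  # ARNs are case-sensitive; "bucket" does not match "bucket/key"
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny always wins
        decision = "Allow"
    return decision

BUCKET_ARN = "arn:aws:s3:::cdbucket-jagdish"
MEMBER_ROOT = "arn:aws:iam::111122223333:root"  # placeholder member account id

def policy_for(resources):
    """The question's bucket policy, parameterised on its Resource element."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowMemberAccount", "Effect": "Allow",
        "Principal": {"AWS": MEMBER_ROOT}, "Action": "s3:*",
        "Resource": resources}]}

AS_POSTED = policy_for(BUCKET_ARN)                          # bucket ARN only
WITH_OBJECTS = policy_for([BUCKET_ARN, BUCKET_ARN + "/*"])  # bucket plus its objects

def access_matrix(policy, key="report.csv"):
    """Decisions for the list/read/write operations the question asks about."""
    obj = f"{BUCKET_ARN}/{key}"
    return {"list": evaluate(policy, MEMBER_ROOT, "s3:ListBucket", BUCKET_ARN),
            "read": evaluate(policy, MEMBER_ROOT, "s3:GetObject", obj),
            "write": evaluate(policy, MEMBER_ROOT, "s3:PutObject", obj)}

if __name__ == "__main__":
    print(json.dumps({"as_posted": access_matrix(AS_POSTED),
                      "with_objects": access_matrix(WITH_OBJECTS)}, indent=2))
```

A bucket policy is only half of a cross-account decision: the role assumed in the member account also needs an identity-based policy allowing the same S3 actions, and the S3 console lists only buckets owned by the signed-in account, so a bucket in another account has to be opened by name.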