Tons of credit to Widdix => https://github.com/widdix
- In the MASTER account, create a role of the type "Another AWS account", pointing it at the Account ID of the child account (the ID is shown in the "My Account" menu when logged into the child account). There must be a unique role for each child account.
- Paste the contents of iam-master-policy.json into the role's inline policy, replacing the MASTER account ID with the CHILD account ID.
- Name the policy iam-master-clientNameHere
- In the child account, create an IAM role of the EC2 type
- Name it iam-client-clientNameHere
- Attach an inline, custom policy with the contents from iam-child-policy.json, filling in the MASTER Account ID and the name of the MASTER role created above
- Attach the newly created client role to the instance. This can be done via the CLI or the EC2 console: select the instance > Instance Settings > Attach/replace IAM role > choose the newly created client role
- sudo git clone https://github.com/giancarlopetrini/aws-iam-ssh.git /opt/aws-iam-ssh
- cd /opt/aws-iam-ssh/linux-files
- sudo chmod +x /opt/aws-iam-ssh/linux-files/new-install.sh && sudo chmod +x /opt/aws-iam-ssh/linux-files/new-import-iam-users.sh
- sudo ./new-install.sh
- sudo reboot
- sudo nano /opt/aws-iam-ssh/linux-files/new-import-iam-users.sh
- Change the IAM values in the assume-role call on line 74 of the script (the MASTER role) to the real ones, following the hints in the script
- sudo /opt/aws-iam-ssh/linux-files/new-import-iam-users.sh
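The two policy documents set up in the steps above form a single trust pair: the MASTER role trusts exactly one CHILD account, and the CHILD instance role may assume exactly one MASTER role (the RoleArn that the assume-role call in the script has to name). The following Python is an added example written for this page, not the project's own iam-master-policy.json or iam-child-policy.json. It builds both documents from the account IDs and role name (all of them constructed placeholders here) and checks that the pair is consistent and no wider than sts:AssumeRole between those two parties, which is the review a defender wants before attaching either policy.

```python
"""Build and sanity-check the two policy documents behind the cross-account
trust set up above. Example code written for this page; it is NOT the
project's iam-master-policy.json / iam-child-policy.json. All account IDs
and the role name are constructed placeholders."""
import json
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
ROOT_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):root$")
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=,.@-]+$")

# Constructed placeholder values (hypothetical): substitute the real ones.
CHILD_ACCOUNT_ID = "111111111111"
MASTER_ACCOUNT_ID = "222222222222"
MASTER_ROLE_NAME = "iam-master-clientNameHere"


def _require_account_id(account_id: str) -> None:
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError(f"not a 12-digit AWS account id: {account_id!r}")


def master_trust_policy(child_account_id: str) -> dict:
    """Trust policy of the MASTER-account role ("Another AWS account" type):
    only principals from the one CHILD account may assume it."""
    _require_account_id(child_account_id)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{child_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }


def master_role_arn(master_account_id: str, master_role_name: str) -> str:
    """The RoleArn the child's assume-role call has to name."""
    _require_account_id(master_account_id)
    return f"arn:aws:iam::{master_account_id}:role/{master_role_name}"


def child_instance_policy(master_account_id: str, master_role_name: str) -> dict:
    """Inline policy of the CHILD-account EC2 instance role: it may assume
    exactly one role, the MASTER role created for this client."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": master_role_arn(master_account_id, master_role_name),
        }],
    }


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def check_pairing(trust_policy: dict, child_policy: dict, child_account_id: str,
                  master_account_id: str, master_role_name: str) -> list:
    """Return findings (empty list = both sides agree and nothing is wider
    than sts:AssumeRole between exactly this child account and this role)."""
    findings = []
    expected_arn = master_role_arn(master_account_id, master_role_name)

    # MASTER side: who is trusted to assume the role, and for which action?
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS", []))):
            findings.append("trust policy allows any AWS principal (Principal '*')")
        elif not isinstance(principal, dict):
            findings.append(f"trust policy principal has unexpected form: {principal!r}")
        else:
            for arn in _as_list(principal.get("AWS", [])):
                m = ROOT_ARN_RE.match(arn)
                if not m:
                    findings.append(f"trust policy principal is not an account root ARN: {arn}")
                elif m.group(1) != child_account_id:
                    findings.append(f"trust policy trusts account {m.group(1)}, expected {child_account_id}")
        for action in _as_list(stmt.get("Action", [])):
            if action != "sts:AssumeRole":
                findings.append(f"trust policy grants unexpected action: {action}")

    # CHILD side: which role(s) may the instance role assume?
    for stmt in _as_list(child_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action != "sts:AssumeRole":
                findings.append(f"child policy grants unexpected action: {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if "*" in resource:
                findings.append(f"child policy resource contains a wildcard: {resource}")
            elif not ROLE_ARN_RE.match(resource):
                findings.append(f"child policy resource is not a role ARN: {resource}")
            elif resource != expected_arn:
                findings.append(f"child policy targets {resource}, expected {expected_arn}")
    return findings


if __name__ == "__main__":
    trust = master_trust_policy(CHILD_ACCOUNT_ID)
    child = child_instance_policy(MASTER_ACCOUNT_ID, MASTER_ROLE_NAME)
    print(json.dumps(trust, indent=2))
    print(json.dumps(child, indent=2))
    print("findings:", check_pairing(trust, child, CHILD_ACCOUNT_ID,
                                     MASTER_ACCOUNT_ID, MASTER_ROLE_NAME))
```

Running the block prints both documents and an empty findings list for the placeholder pair; swapping in a wildcard principal, a wildcard resource or the wrong account ID produces one finding each. The value returned by master_role_arn is the RoleArn form the assume-role call in new-import-iam-users.sh expects; the trust policy can additionally carry an sts:ExternalId condition, which the project's steps do not use and which this example therefore leaves out.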
If the last command does not execute, follow the steps below:
- sudo yum reinstall python-pip
- pip uninstall awscli
- pip install --upgrade --user awscli
- Verify with aws --version