We are excited to introduce cross-account API access using AWS Identity and Access Management (IAM) roles. This new feature gives you increased control and simplifies access management when managing services and resources across multiple AWS accounts. Cross-account API access allows you to delegate temporary API access to AWS services and resources within your AWS account without having to share long-term security credentials.
You can now create an IAM role under your account with a set of permissions and grant a different AWS account the ability to enable its users to assume the role. When delegated IAM users assume the role, they only have access to services and resources explicitly granted by the role’s permissions.