AWS Partner Network (APN) Blog

Tag: External IDs

Securely Using External ID for Accessing AWS Accounts Owned by Others

A partner solution running on Amazon Web Services often needs to access AWS accounts owned by its customers (third-party AWS accounts). This kind of access is known as cross-account access. In such scenarios, a cross-account AWS Identity and Access Management (IAM) role with an external ID should be used. Explore the best practices for using an external ID to avoid the confused deputy problem it is designed to solve.

Generating Custom AWS CloudFormation Templates with Lambda to Create Cross-Account Roles

Ian Scofield is a Partner Solutions Architect (SA) at AWS. In a previous post in our series, we showed how to use an AWS CloudFormation launch stack URL to help customers create a cross-account role in their AWS account. As mentioned in an earlier APN Blog post, a cross-account role is the recommended method to […]