Reward: 10,800 ($108.00)
Due: 3 months ago
Status: Open
AWS cross-account access for users federated via Azure AD
xxyjoel
Bounty Description
Problem Description
As a federated user authenticated via SSO with 2FA enabled, I need to be able to switch between AWS accounts within an AWS Organization.
E.g. a federated user needs to assume role A in the master payer account (account #1) and role B in a sub-account (account #2).
Acceptance Criteria
- Trust relationships must be defined (or checked) between role A and role B
- The user does not have to assume a role via the CLI; the federated user in question can swap back and forth between role A and role B
- The script can be run locally, or from within the sub-account (account #2)
Technical Details
- Users are authenticated via SSO through Azure Active Directory
- 2FA through Duo
- Role A in account #1 is responsible for collecting data across sub-accounts; it is read-only
- Role B in account #2 will be responsible for running the script
- Order of operations: the federated user (or an application) assumes role B, role B assumes role A, role A gathers all necessary data, then the federated user (or an application) assumes role B and deposits the data into account #2
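The trust relationship and role-chaining flow described above, as an added example that is not part of the bounty or any submission to it. The account ids, role names and SAML provider ARN are hypothetical, and `FakeSTS` is an offline stand-in for the boto3 STS client so the flow can be exercised without AWS access. It also covers two points the order of operations depends on: STS matches a role session against the trust policy by its underlying role ARN, and the MFA context from the Azure AD/Duo login does not carry into a role-chained session, so role A's trust policy must not require `aws:MultiFactorAuthPresent`.

```python
"""Role chaining for an Azure AD federated user: role B (sub-account) -> role A (payer account).
Added illustration; account ids, role names and the SAML provider ARN are hypothetical."""
import re

ACCOUNT_1 = "111111111111"  # hypothetical master payer account
ACCOUNT_2 = "222222222222"  # hypothetical sub-account
ROLE_A_ARN = f"arn:aws:iam::{ACCOUNT_1}:role/RoleA-OrgReadOnly"
ROLE_B_ARN = f"arn:aws:iam::{ACCOUNT_2}:role/RoleB-Collector"
SAML_PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_2}:saml-provider/AzureAD"
MAX_CHAINED_DURATION = 3600  # STS caps a role-chained session at one hour


def role_b_trust_policy():
    """Role B is entered by the SSO login itself (AssumeRoleWithSAML); Duo MFA happens at Azure AD."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": SAML_PROVIDER_ARN},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}},
        }],
    }


def role_a_trust_policy(require_mfa=False):
    """Role A trusts role B by ARN, not the whole sub-account. require_mfa=True adds the
    aws:MultiFactorAuthPresent condition that breaks role chaining (see trust_allows)."""
    statement = {"Effect": "Allow", "Principal": {"AWS": ROLE_B_ARN}, "Action": "sts:AssumeRole"}
    if require_mfa:
        statement["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def principal_for_trust_eval(caller_arn):
    """A role session (arn:aws:sts::acct:assumed-role/Name/session) is matched against a
    trust policy as its underlying role ARN (arn:aws:iam::acct:role/Name)."""
    m = re.fullmatch(r"arn:aws:sts::(\d{12}):assumed-role/([^/]+)/.+", caller_arn)
    return f"arn:aws:iam::{m.group(1)}:role/{m.group(2)}" if m else caller_arn


def trust_allows(trust_policy, caller_arn, context=None):
    """Does an Allow statement for sts:AssumeRole name the caller (or its account root) and
    are its Bool conditions satisfied by `context`? A chained role session carries no
    aws:MultiFactorAuthPresent key at all, so an MFA condition never matches role B -> role A."""
    context = context or {}
    principal = principal_for_trust_eval(caller_arn)
    account = principal.split(":")[4]
    for st in trust_policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if st.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        aws = st.get("Principal", {}).get("AWS", [])
        aws = aws if isinstance(aws, list) else [aws]
        if not (principal in aws or f"arn:aws:iam::{account}:root" in aws or account in aws):
            continue
        bools = st.get("Condition", {}).get("Bool", {})
        if all(str(context.get(k, "")).lower() == str(v).lower() for k, v in bools.items()):
            return True
    return False


class FakeSTS:
    """Offline stand-in for the boto3 STS client: applies the target role's trust policy and
    the chaining duration cap. With boto3, use boto3.client("sts") under role B's credentials."""

    def __init__(self, caller_arn, trust_policies, mfa_present=False):
        self.caller_arn = caller_arn
        self.trust_policies = trust_policies  # {role_arn: trust_policy document}
        self.mfa_present = mfa_present        # only meaningful for a non-chained caller

    def assume_role(self, RoleArn, RoleSessionName, DurationSeconds=3600):
        chained = ":assumed-role/" in self.caller_arn
        context = {"aws:MultiFactorAuthPresent": "true"} if (self.mfa_present and not chained) else {}
        if not trust_allows(self.trust_policies[RoleArn], self.caller_arn, context):
            raise PermissionError(f"{self.caller_arn} is not trusted by {RoleArn}")
        if chained and DurationSeconds > MAX_CHAINED_DURATION:
            raise ValueError("role chaining limits DurationSeconds to 3600")
        account, name = RoleArn.split(":")[4], RoleArn.split("/")[-1]
        return {
            "Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "x", "SessionToken": "y"},
            "AssumedRoleUser": {"Arn": f"arn:aws:sts::{account}:assumed-role/{name}/{RoleSessionName}"},
        }


def run_collection(sts_as_role_b, caller_session_arn, session_name="org-collector"):
    """The bounty's order of operations. The caller already holds role B (from the SSO login);
    it assumes role A for the read phase and then reuses its own role B credentials for the
    deposit phase, so no second AssumeRole is needed to 'switch back'."""
    resp = sts_as_role_b.assume_role(RoleArn=ROLE_A_ARN, RoleSessionName=session_name,
                                     DurationSeconds=MAX_CHAINED_DURATION)
    return {
        "read_as": resp["AssumedRoleUser"]["Arn"],
        "read_credentials": resp["Credentials"],  # use for the read-only calls across the organization
        "write_as": caller_session_arn,           # role B's original credentials, still valid
    }


if __name__ == "__main__":
    session = f"arn:aws:sts::{ACCOUNT_2}:assumed-role/RoleB-Collector/federated.user"
    sts = FakeSTS(session, {ROLE_A_ARN: role_a_trust_policy(), ROLE_B_ARN: role_b_trust_policy()})
    print(run_collection(sts, session))
```

Running the same flow against AWS means replacing `FakeSTS` with `boto3.client("sts")` obtained while already holding role B's credentials (the SSO session locally, or the instance/task role in account #2), building a second client from the returned role A credentials for the read phase, and keeping the first client for the deposit. Because the hop from role B to role A is role chaining, the role A session cannot outlive one hour regardless of role A's configured maximum session duration, and `trust_allows` shows why role A's trust policy must name role B's ARN without an MFA condition.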