Earn 10,800 ($108.00)

Time Remaining: due 3 months ago

AWS cross-account access for users federated via Azure AD

Posted 3 months ago

Bounty Description

Problem Description

As a federated user who is authenticated via SSO with 2FA enabled, I need to be able to switch between AWS accounts within an AWS organization.

E.g., a federated user needs to assume role A in the master payer account (account #1) and role B in a sub-account (account #2).

Acceptance Criteria

  • trust relationships must be defined (or checked) between role A and role B
  • user does not have to assume a role via the CLI; the federated user in question can swap back and forth between role A and role B
  • script can be run locally, or from within the sub account (account #2)

Technical Details

  • users are authenticated via SSO through Azure Active Directory
  • 2FA through Duo
  • role A in account #1 is responsible for collecting data across sub-accounts; it is read-only
  • role B in account #2 will be responsible for running the script
  • order of operations: federated user (or an application) assumes role B, role B assumes role A, role A gathers all necessary data, federated user (or an application) assumes role B and deposits data into account #2
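
One way to do the "trust relationships must be defined (or checked)" step offline, as an added example that is not part of the original post: it checks that role A's trust policy names role B exactly and that role B's identity policy allows `sts:AssumeRole` on role A only. The account IDs, role names and both policy documents are constructed placeholders; `Condition`, `Deny` and `NotPrincipal` elements are not evaluated.

```python
# Constructed placeholders: account IDs and role names are not from the post.
ROLE_A_ARN = "arn:aws:iam::111111111111:role/role-a"  # read-only, account #1
ROLE_B_ARN = "arn:aws:iam::222222222222:role/role-b"  # runs the script, account #2

# Constructed trust policy on role A: only role B may assume it.
ROLE_A_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": ROLE_B_ARN}}]}

# Constructed identity policy on role B: may assume role A and nothing else.
ROLE_B_PERMS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Resource": ROLE_A_ARN}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows_assume(stmt):
    """True for an Allow statement whose Action covers sts:AssumeRole."""
    return stmt.get("Effect") == "Allow" and any(
        a in ("sts:AssumeRole", "sts:*", "*") for a in as_list(stmt.get("Action", [])))

def trust_scope(trust_policy, caller_arn):
    """Broadest way the policy trusts caller_arn: 'role', 'account', 'wildcard' or None."""
    account = caller_arn.split(":")[4]
    order = [None, "role", "account", "wildcard"]  # narrowest to broadest
    found = None
    for stmt in as_list(trust_policy.get("Statement", [])):
        if not allows_assume(stmt):
            continue
        principal = stmt.get("Principal", {})
        names = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in names:
            scope = ("role" if p == caller_arn else
                     "account" if p in (account, f"arn:aws:iam::{account}:root") else
                     "wildcard" if p == "*" else None)
            found = max(found, scope, key=order.index)
    return found

def may_call(identity_policy, target_arn):
    """True if an Allow statement grants sts:AssumeRole on exactly target_arn."""
    return any(allows_assume(s) and target_arn in as_list(s.get("Resource", []))
               for s in as_list(identity_policy.get("Statement", [])))

def chain_ok(trust_policy, identity_policy, caller_arn, target_arn):
    """Least-privilege check for the role B -> role A hop."""
    return (trust_scope(trust_policy, caller_arn) == "role"
            and may_call(identity_policy, target_arn))
```

A result of `'account'` or `'wildcard'` from `trust_scope` means any principal in account #2 (or anywhere) with the right permissions could assume role A, not just role B. Sessions obtained by role chaining (role B assuming role A) are limited to one hour.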
