Specifying Settings for Cross-Account IAM Role
[This step applies if you selected the IAM role from another account option]
At the Role Settings step of the wizard, specify the following settings:
- In the Account ID field, specify the 12-digit number (or alias) of the trusting account.
  The trusting account is an AWS account that owns AWS services and resources, and shares them with the initial AWS account (the trusted account). To learn how to delegate access across AWS accounts, see AWS Documentation.
- In the AWS role name field, specify the name of the cross-account IAM role that you want to add. The name must exactly match the name that the IAM role has in AWS.
  The cross-account IAM role is created in the trusting account and allows the trusting account to share AWS services and resources with the trusted account.
  If the IAM role is identified by a path, you must specify the role name in the PATH/NAME format (for example, dept_1/s3_role). To learn how to add identifiers to IAM roles, see AWS Documentation.
- In the External ID field, specify the external ID of the cross-account IAM role.
  The external ID is a property in the trust policy of the cross-account IAM role that is used for enhanced security. For more information, see AWS Documentation.
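
The following added example (not part of the original documentation or of the product) shows how the three wizard values map to AWS: the account ID and PATH/NAME form the role ARN, and the external ID must appear as an sts:ExternalId condition in the role's trust policy. The account IDs, the external ID, the sample policy and the function names are constructed for illustration, and the role name check is simplified.

```python
import json
import re

# Constructed sample values; none of them come from the original page.
TRUSTING_ACCOUNT_ID = "111122223333"   # account that owns the role
TRUSTED_ACCOUNT_ID = "444455556666"    # account that assumes the role
EXTERNAL_ID = "example-external-id"

# Constructed trust policy, as attached to the role in the trusting account.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{TRUSTED_ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
})


def role_arn(account_id, role_name):
    """Build the role ARN from the Account ID and NAME or PATH/NAME values."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("an ARN needs the 12-digit account ID, not an alias")
    if not re.fullmatch(r"[A-Za-z0-9_+=,.@-]+(/[A-Za-z0-9_+=,.@-]+)*", role_name):
        raise ValueError("role name must be NAME or PATH/NAME")
    return f"arn:aws:iam::{account_id}:role/{role_name}"


def as_list(value):
    return value if isinstance(value, list) else [value]


def requires_external_id(policy_json, trusted_account_id, external_id):
    """True only if every Allow statement that names the trusted account for
    sts:AssumeRole also requires the expected external ID."""
    found = False
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal")
        if (stmt.get("Effect") != "Allow" or not isinstance(principal, dict)
                or "sts:AssumeRole" not in as_list(stmt.get("Action", []))):
            continue
        if not any(trusted_account_id in p for p in as_list(principal.get("AWS", []))):
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if external_id not in as_list(cond.get("sts:ExternalId", [])):
            return False  # the role can be assumed without the external ID
        found = True
    return found
```
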