Specifying Settings for Cross-Account IAM Role
[This step applies if you have selected the IAM role from another account option]
At the Role Settings step of the wizard, specify the following settings:
- In the Account ID field, specify the 12-digit number (or alias) of the trusting account.
The trusting account is an AWS account that owns AWS services and resources, and shares them with the initial AWS account (trusted account). To learn how to delegate access across AWS accounts, see AWS Documentation.
- In the AWS role name field, enter the cross-account IAM role name as specified in AWS.
The cross-account IAM role must be created in the trusting account beforehand, and must allow the trusting account to share AWS services and resources with the trusted account, that is, the AWS account to which the backup appliance belongs. To learn how to create cross-account IAM roles, see AWS Documentation.
If there is a path identifying the IAM role, you must specify the role name in the PATH/NAME format (for example, dept_1/s3_role). To learn how to add identifiers to IAM roles, see AWS Documentation.
- In the External ID field, specify an external ID of the cross-account IAM role.
The external ID is a property set in the trust policy of the cross-account IAM role and is used for enhanced security: the role can be assumed only by a caller that supplies the same value. For more information, see AWS Documentation.
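
The following check is an added example, not part of the product or of AWS Documentation. It shows how the three wizard values map onto the role ARN and onto the role's trust policy, and reports a trust policy that does not require the external ID. The account IDs, the external ID value and the function names are constructed for illustration, and the check is simplified: it reads only `Allow` statements with a `StringEquals` condition.

```python
import re

def role_arn(account_id, role):
    """Build the role ARN from the Account ID and PATH/NAME wizard values."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("an ARN needs the 12-digit account ID, not an alias")
    return f"arn:aws:iam::{account_id}:role/{role.strip('/')}"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_policy_problems(policy, trusted_account, external_id):
    """List reasons the role's trust policy does not match the wizard settings."""
    problems, matched = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        principals = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in principals:
            problems.append("wildcard principal: any AWS account may assume the role")
        if not any(p in ("*", trusted_account) or p.startswith(f"arn:aws:iam::{trusted_account}:")
                   for p in principals):
            continue
        matched = True
        # Condition key names are case-insensitive in IAM policies.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        required = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if required is None:
            problems.append("no sts:ExternalId condition: role is assumable without an external ID")
        elif external_id not in _as_list(required):
            problems.append("External ID entered in the wizard differs from the trust policy")
    if not matched:
        problems.append("trusted account is not allowed to assume the role")
    return problems

# Constructed sample: trust policy of the role in trusting account 123456789012.
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
    }],
}

if __name__ == "__main__":
    print(role_arn("123456789012", "dept_1/s3_role"))
    print(trust_policy_problems(SAMPLE_TRUST_POLICY, "111122223333", "example-external-id"))
```

An empty list means the trusted account (111122223333 in the sample) is named as a principal and the external ID entered in the wizard matches the one the trust policy requires.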