amazon web services - Datadog AWS integration for multiple AWS accounts


I have 2 AWS accounts. I was able to set up the AWS integration for the first account using Terraform, but when I try to create the AWS integration for the second account I get an error.

I have created a role with an in-line policy, and do not have cross-account set up.

! datadog not authorized perform: sts:assumerole on resource: arn:aws:iam::xxxxxxxxxx:role/datadogawsintegrationrole. see http://docs.datadoghq.com/integrations/aws/ 

Trust relationship:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "xxxxxxxxxxxxxxxxxxxxxxxxxx"
            }
          }
        }
      ]
    }

Can you please guide me on how to solve this error?

The role arn:aws:iam::xxxxxxxxxx:role/datadogawsintegrationrole has to have permission to assume the role on the other account.

You'll have to update datadogawsintegrationrole on the primary account to include:

    {
      "Version": "2012-10-17",
      "Statement": [
        ...
        {
          "Effect": "Allow",
          "Action": "sts:AssumeRole",
          "Resource": "arn:aws:iam::xxxxxxxxxxxx:role/assumedrolefordatadoginotheraccount"
        }
      ]
    }
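An offline check for a trust relationship like the one in the question, added here as an example that is not part of the original question or answer: it reports whether a given calling account and external ID would satisfy a role's trust policy, and why not if they do not. The function name `check_trust`, the sample policy, the account IDs and the external ID are constructed for illustration.

```python
import json

# Constructed sample values; the account ID and external ID are placeholders.
SAMPLE_TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}
  }]
}"""

def check_trust(policy_json, caller_account, external_id):
    """Return (allowed, notes) for one caller; Deny statements are not modelled."""
    policy = json.loads(policy_json)
    # Expect the documented element spelling: "Statement", not "statement".
    if "Statement" not in policy:
        return False, ["no 'Statement' element (check element capitalization)"]
    statements = policy["Statement"]
    statements = [statements] if isinstance(statements, dict) else statements
    allowed, notes = False, []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            notes.append(f"statement {i}: Effect is not 'Allow'")
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a.lower() in ("sts:assumerole", "sts:*", "*") for a in actions):
            notes.append(f"statement {i}: does not allow sts:AssumeRole")
            continue
        principal = st.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        aws = [aws] if isinstance(aws, str) else aws
        # Only account-level principals are handled: root ARN or bare account ID.
        if not {caller_account, f"arn:aws:iam::{caller_account}:root"} & set(aws):
            notes.append(f"statement {i}: Principal does not trust {caller_account}")
            continue
        cond = st.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive; values are compared exactly.
        ids = [v for k, v in cond.items() if k.lower() == "sts:externalid"]
        ids = [x for v in ids for x in ([v] if isinstance(v, str) else v)]
        if ids and external_id not in ids:
            notes.append(f"statement {i}: sts:ExternalId does not match")
            continue
        if not ids:
            notes.append(f"statement {i}: allows the caller without sts:ExternalId")
        allowed = True
    return allowed, notes
```

Run it against the trust policy of each account's role with the account ID and external ID that the integration for that account is expected to present; a mismatch in either is reported per statement.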
