Thank you for this video! I remember while I was going through the interview, this kinda of question was asked. I wasn't sure at that time and had to ask many people working on AWS how to do that. This video cleared my doubts, learnt something today. Thanks a lot, Sir! Keep doing good for us.

This cross account access is very useful especially for working people. You explained it very clearly with out any confusion.

This tutorial/demo is amazing! It clearly explains how to set up cross account roles/access. It is much much better than official AWS documentation. Thank you!!!

Amazing, wonderful, concept-clearing video.

This is very clearly explained. Thanks to you.

Another fine video tutorial. Thank you for demonstrating this feature - it is finally clear to me.

Hello, Last week I went through the another AWS course. I understood the concept. But on my own I could not do it, because in that training he is using cloud formation template and role is created automatically. This first time I realize how to create STS:Assume role and restrict it to the specific individual. Now if I go back the training course, I can join the dots backwards. Thanks a lot for this. The best point in this video is when went ahead without creating STS Assume role and made viewers to think. I look forward to your "Online" Handson training. The last impression of this video was "use of real world use cases" because you normally get these situation in day to day life.

Amazing clarity of thought and flow of explanation. Kudos to the creators!

Excellent explanation and demo. I was struggling to understand switch role concept. Now its very clear. Thank you so much Sir

very well explained ,lot of clarity

Hats off to you for such amazing content. You know where a user can be stuck and emphasize on this portion. Superb

Very nice explanation with use case.

Superb scenario based video...kudos to KI..

Awesome video. This deserves like a hundred thumbs up from me.

what a tutorial !! Amazing, simply Amazing !! I Applauded :)

The use cases you present is great! Thank you :)

well demonstrated, enjoyed this video. thanks a lot.

an awesome explanation for cross-account access

thank you very much sir....understood it very well 😊😊

Very well explained, simple thing explained in an even simpler manner.

Thanks a lot sir.. You clear my doubt.. Excellent

Thank you for sharing this information 🎉

A GOOD AND AMAZING CONTENT, THNKS FOR IT

Its one of the best video

Sir you to Good explanation each and every content of this video also and other videos which I seen nice to explain basic and deep learning thanks for sharing

Great work

Thanks 🙏👍 a lot. For you I got my KZbin channel back.

Superb. Thankss

Fantastic

Thank you so much Sir..

Very well explained ..

Nice explanation.. Well 👍

Great video, thanks a lot!

awesome tutorial sir! thanks a lot!

Nice explanation... subscribed

Very Good

wonderful work!

Thank God....I found AWS awesome channel .....I ma very new to AWS , Please let me How can I crack AWS associate Architecture exam???....I started watching Videos from your channel...and It just awesome Sir....

Well explained!

Great video

Awesome explanation ☺️

"One of the best AWS Tutorials on the net....", kudos KI. One request -> Can you please do a session on IAM permission boundaries..

Good explanation

Best one

Nice one. thanks KI!

you are the best :) waiting for IAM policies session

Thanks for the good explanation, once this set up is done. how to achieve cross-account sign in using AWS CLI

Thanks and very nice video :)

Thanks! for the video , Just got a thought , I was wondering if the same thing could be done between two AWS organizations?

Thank you!

Great video!! you just earned another subscriber. quick question though. now that you have created user grp and attached inline 'assumerole' policy, we don't have to modify trust relationship to explicitly deny komal's permission? assuming komal is not the part of that user grp.

Great

nice video. i follow all you videos. my sincere request, please do not add music.

Greatttttt!!!!!

Thank you sir. This is very helpful. I have a question beyond this part. Say I have 2 users user1 and user2, part of "assumeRoleGroup", on KI2 and i want all users part of "assumeRoleGroup" to be able to assume role on KI3 and no one else. How do I do that? I tried adding the arn of the group to Trust relationships on KI3 but that failed - gave me an error. Looking forward for you suggestion

very well explained...can you do a session where showing multiple issues regarding this switch role on real scenario based and how to tackle that...!!

Thanks for the video. I have a question, Instead of creating a group and adding users in 2nd account, Can we add Gopal and Komal as trusted users while giving permissions in Another AWS account option(role permissions) window?

That was detailed ! One quick question regarding STS. Since assume role is under STS, in this use case once the user gopal assumes role in KI3 what would be the credentials used ? i mean will temporary credentials with a token be generated and used ?

Nice video. This video covers read-only access to KI3 How do provide Admin access to KI3 only for particular user who is on KI2?

Thanks for providing such a clear content free, I am trying to understand what fits my use-case, lets say I have a binary which I need to run in another EC2 - VPC-peering / VPN / ?? .

The tutorial was great. I was able to successfully delegate the role, but having problems creating a separation between environments (prod and demo). I have tried to add resourcetag to both IAM roles and STS and neither or working. I want a user with AdminAccess to have that access but limit him or her to demo or prod. Can you please provide some guidance on this topic? Thank you for the videos.

apart from role policy being restricted to Gopal, is it not true that Komal is not able to to log in "also" because she has not been given switch role permissions via STS role's API.

Wonderfully explained the 'oops' and 'gotchas' here. Watched it twice to understand it fully well. I see why the account granting access would want to restrict only to the legitimate users(Gopal). But going by principle of least privilege, Komal should not be given the STS access altogether if there really is going to be no need for her. Was it necessary?

precisely explained, well done my friend. Keep it up the good work....👍 one query: If any object is uploaded to S3 bucket named KI3 of KI3 account by user Gopal of KI2 account; will a user name Ram in KI3 account, be able to download the same object ffrom KI3 bucket of KI3 account (assuming appropriated policy is attached to IAM user Ram with download policy)?

can you please explain what is STS in detail and in which cases we have to use STS policy

I'm explaining below what I understood Please correct me if my understanding is wrong here Let's say users in acc b wants to access resources in acc a Step1- acc a needs to have a role that should be allowing acc b users (arn) Step 2 - acc b needs to have the users mapping arn in above step besides this policy with service sts and permission assume role should be assigned to users. Verification - acc b user login, then switch role, he need to know acc a details which are acc number of acc a and also the role name he created

Very nice tutorial. Just one question. How do I add multiple users (i.e. >1) in Trust relationship?

Nice explanatory video, thanks. But the background music is unnecessary and very disturbing while you try to focus on the content.

Sir why was user Gopal assigned read only permissions only in KI2 account. I mean if Gopal had been assigned full access in KI2, would that have made a difference considering that the role assumed already is customised to be read only accessible.

Also I have a doubt in 10:01 i see that there is api session as 1 hour what is that option, what it does??

Hello ki please upload deep dive of redshift service

Is there a way when you create the role on KI3 to use the ARN for a particular user?

I have a quick question , if i have server side encryption enabled at the bucket and i do give another cross account role permission to put data in bucket , but the cross account owner insists on client side encryption , i understand this can be done by sharing KMS key and they can use any SDK at their end to achieve it . a) Is it is possible to achieve this? b) When Retrieving the object out of the bucket then we would need to use the same KMS key to decrypt the object after downloading the object from bucket ? Regards Rahul

How to configure same thing using AWS CLI...?

Great. Very helpful. But the background music is very distracting

Thanks for wonderful series Regarding cross account access How to give group of users cross account access in trusting account I can not add group in trusted entity because it is not principal can you suggest

All is Good but Why music Background

Please share Playlist for AWS videos.

I have an java app running in EC2 instance which makes use of aurora rds in another account as its data base ...can we implement this scenario using this ?

Sir why did user Gopal have to sts assume role?

How can i do the same thing through CLI or API ?

I have below requirnment: I want to see all child account cloudwatch alarms on parent account and from that account i am going to integrate it with my MOM layer... How can i see all account alert in my parent account Secondly, I want to trigger SNS topic which is available in my parent account and i want to trigger it from my child account..

Hello Sir......Let's suppose we have 100 users in my AWS account and I want only 90 users to be able to access the other account.....then do we have to edit the trust relationship for each of them, or there is any other way to do it in one shot.......Thanks in advance

how to do this terraform ?

why did you assign read only access to gopal in ki2 ( does it has any thing to view objects in ki3 ........ i think no ) ........... this is bit confusing .........hope i try to explained my question clearly

I have multiple vpc in one account and one user I have to give access of only specific vpc and not other vpc and other resources is it possible

what about cli access

This video is really helpful.Thank you so much.Kindly guide how to crack ACSAA-2019

Can you please stop the background music... going fwd?

I don't believe you should create IAM users for every employee. And also copying the same IAM roles between hundreds of accounts is just a waste of time.

Background Music is annoying.

Brilliantly Done thanks a lottt for this video. Have a Great New Decade.

Great video