This message is extracted from a ticket originally emailed to support@gruntwork.io. Names and URLs have been removed where appropriate.
I’m having issues switching between accounts. I login to the security account and try to switch to my dev and stage account, but always get an error. What do I need to do?
Switching accounts can be tricky because AWS does not provide useful error messages, so it’s never clear why things aren’t working. The basic procedure is simple: you login to your “security” account and to switch to another account (e.g., the “dev”, “stage”, or “prod” account), you “assume” an IAM role in that account.
However, there are lots of gotchas, and the AWS error messages won’t help you figure out which one is tripping you up, so please go through this list carefully:
X in account Y, your IAM user must be added to an IAM group in the security account called _account.Y-X. For example, to assume the allow-read-only-access-from-other-accounts IAM role in the dev account, your IAM user must be in the IAM group _account.dev-read-only (or a similar name).Other helpful tips:
allow-read-only-access-from-other-accounts and allow-full-access-from-other-accounts.dev account). You can ask an admin to find it for you (instructions). The original account IDs from when the Reference Architecture was created are also available in your walkthrough documentation in the _docs folder in infrastructure-live.