I've added a role to allow another account to list instances, but there doesn't appear to be any option to choose which account I'm listing instances from. Is there some undocumented option to pass in to choose this foreign account?

Edit:

The policy I'm using is simply the one that AWS generates for me:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": { "AWS": [ "arn:", "arn:" ] },
      "Action": "sts:AssumeRole"
    }
  ]
}
```

Sergio

1 Answer

Yes, this can be done by setting up a cross-account role and a CLI profile for it, which is documented by AWS here:

How to Use a Single IAM User to Easily Access All Your Accounts by Using the AWS CLI

The only caveat is that I can't get this approach to work using instance role privileges:

How to execute aws ec2 describe-instances for different account

Lightbeard
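The profile-based setup the answer's AWS link describes, as an added example that is not part of the answer or of the AWS page; the account ID, role name and profile names are placeholders I made up, and the last profile shows the instance-role variant the answer's caveat is about, using the CLI's `credential_source` setting.

```ini
# ~/.aws/config  (added example; account ID, role and profile names are placeholders)
# The long-lived keys for the IAM user in the "home" account live in
# ~/.aws/credentials under [home], not in this file.
[profile home]
region = us-east-1

# Profile for the foreign account. The CLI calls sts:AssumeRole on role_arn
# with the credentials of source_profile, then runs the command using the
# temporary credentials it receives. Every command then goes into the
# foreign account's CloudTrail under the assumed-role session.
[profile foreign-account]
region = us-east-1
role_arn = arn:aws:iam::222222222222:role/ListInstancesFromHome
source_profile = home

# Variant for an EC2 instance that already runs with an instance role:
# instead of a source_profile, take the source credentials from the
# instance metadata service. Two things must hold for this to work:
# the instance role needs an identity policy allowing sts:AssumeRole on
# role_arn, and the trust policy of role_arn must name the instance role
# (or its account) as a principal, not just the IAM user.
[profile foreign-account-from-instance]
region = us-east-1
role_arn = arn:aws:iam::222222222222:role/ListInstancesFromHome
credential_source = Ec2InstanceMetadata

# Usage, picking the account by profile:
#   aws ec2 describe-instances --profile foreign-account
#   aws ec2 describe-instances --profile foreign-account-from-instance
```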