I have a parent IAM account and I have multiple clients. I want to have multiple child account in AWS. I dont want the child account to see the resources in parent account and other child account.
How can I implement this?
Thanks
Asked
Active
Viewed 2.7k times
2 Answers
16
You can create multiple AWS accounts, and link them. You will have to do this with the master account root credentials, not an IAM account.
Full details are here:
Update, Q1 2017:
AWS has introduced Organizations, which lets you create a new account linked to your payer account. Organizations is also supported by the AWS CLI, so you can create new accounts programmatically, without needing the root credentials.
-
if account A has 3 ec2 instance and account B have 2 instances then Account A cannot see the ec2 instance of Account B???? Is it possible with this approach ??? – user3086014 Mar 21 '14 at 12:12
-
1Absolutely. You have separate accounts, separate IAM users, separate everything - only billing is rolled up to the "master account". So you'd have Account M, account A and account B. – chris Mar 21 '14 at 17:02
-
If there are multiple sub-accounts A, B and C can I have a single global IAM account and use it to create EC2 instances in each sub-account A, B, C and be able to see the cost incurred by each A, B and C separately while still getting a single consolidated bill to main account? – Farrukh Najmi Sep 08 '20 at 18:03
-
But account B can't create any new accounts, e.g. account C? So no matter what, the owner of the master account has to do the account creation? What's the solution for delegating that job of creating new accounts to someone else, creating an access key specifically for account creation? It would be more convenient if sub accounts could create more accounts beneath them. – RaisinBranCrunch Aug 04 '21 at 18:07
0
You can assume roles with temporary credentials to grant access between accounts, see http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html
Julio Faerman
- 13,228
- 9
- 57
- 75