
I have a CloudFront, let's say in Account A, and I want to access this CloudFront from a build server which is in another AWS account, let's say Account B, with an IAM role.

How do I give an IAM role (Account B) access to that CloudFront, which is in Account A?

Note: Please consider a role, not an IAM user.

Satish Kumar

1 Answer

Overview of Managing Access Permissions to Your CloudFront Resources

An AWS account owns the resources that are created in the account, regardless of who created the resources. Specifically, the resource owner is the AWS account of the principal entity (that is, the root account, an IAM user, or an IAM role) that authenticates the resource creation request.

The following examples illustrate how this works:

  • Attach a permissions policy to a role (grant cross-account permissions) – You can grant permissions to perform CloudFront actions to a user that was created in another AWS account. To do so, you attach a permissions policy to an IAM role, and then you allow the user in the other account to assume the role. The following example explains how this works for two AWS accounts, account A and account B:

      • Account A administrator creates an IAM role and attaches to the role a permissions policy that grants permissions to create or access resources that are owned by account A.

      • Account A administrator attaches a trust policy to the role. The trust policy identifies account B as the principal that can assume the role.

      • Account B administrator can then delegate permissions to assume the role to users or groups in account B. This allows users in account B to create or access resources in account A. For more information about how to delegate permissions to users in another AWS account, see Access Management in the IAM User Guide.

Juned Ahsan
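The three steps in the answer above, written out as policy documents with a consistency check. This is an added example, not part of the original answer or AWS's own code. The account IDs, role names, distribution ID and the two CloudFront actions are assumptions, and the trust principal is narrowed to the build server's role in account B, as the question asks.

```python
import json

# Constructed placeholder values; none of these come from the original post.
ACCOUNT_A = "111111111111"          # owns the CloudFront distribution
ACCOUNT_B = "222222222222"          # owns the build server's role
DISTRIBUTION_ID = "EXAMPLEDISTID"   # hypothetical distribution ID
ROLE_IN_A = "cloudfront-deploy"     # hypothetical role created in account A
ROLE_IN_B = "build-server"          # hypothetical role the build server runs as

def role_arn(account, name):
    return f"arn:aws:iam::{account}:role/{name}"

def policy(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

def build_policies(actions=("cloudfront:GetDistribution", "cloudfront:CreateInvalidation")):
    """Return the three documents from the steps above, keyed by where they attach."""
    dist = f"arn:aws:cloudfront::{ACCOUNT_A}:distribution/{DISTRIBUTION_ID}"
    return {
        # Step 1 (account A): permissions policy attached to the role in A.
        "a_permissions": policy({"Effect": "Allow", "Action": list(actions), "Resource": dist}),
        # Step 2 (account A): trust policy on that role, naming the role in B.
        "a_trust": policy({"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Principal": {"AWS": role_arn(ACCOUNT_B, ROLE_IN_B)}}),
        # Step 3 (account B): identity policy on the build role allowing the assume call.
        "b_identity": policy({"Effect": "Allow", "Action": "sts:AssumeRole",
                              "Resource": role_arn(ACCOUNT_A, ROLE_IN_A)}),
    }

def check(p):
    """Return a list of problems that would break or over-widen the delegation."""
    problems = []
    principal = p["a_trust"]["Statement"][0]["Principal"].get("AWS", "")
    if not principal.startswith(f"arn:aws:iam::{ACCOUNT_B}:"):
        problems.append("trust principal is not in account B")
    if p["b_identity"]["Statement"][0]["Resource"] != role_arn(ACCOUNT_A, ROLE_IN_A):
        problems.append("account B policy does not target the role in account A")
    for s in p["a_permissions"]["Statement"]:
        if "*" in s["Resource"] or any(a.endswith("*") for a in s["Action"]):
            problems.append("permissions policy uses a wildcard")
    return problems

if __name__ == "__main__":
    docs = build_policies()
    print(json.dumps(docs, indent=2))
    print(check(docs) or "delegation chain is consistent")
```

Both halves are required: the trust policy in account A and the `sts:AssumeRole` permission in account B must each be present before the build server can assume the role.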