AWSTemplateFormatVersion: 2010-09-09
Description: >
  Creates a cross-account role that your AWS account can assume
  in order to accept a VPC peering connection in the other account.
  This is pretty confusing, so to clarify,
  1. Run this CloudFormation in the OTHER account to create the cross-account role.
  2. Your account requests a peering connection with the other account.
  3. Your account assumes the role in order to access the other account
  and accept the peering connection.
Parameters:
  PeerRequesterAccountId:
    Type: String
Resources:
  AcceptVpcPeeringRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Principal:
              AWS: !Ref PeerRequesterAccountId
            Action:
              - 'sts:AssumeRole'
            Effect: Allow
      Path: /
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: 'ec2:AcceptVpcPeeringConnection'
                Resource: '*'
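Steps 2 and 3 of the description, driven from the requester account, as an added Python example (not part of the template and not AWS sample code). Before assuming the role it checks, using the requester account's own view of the connection, that the peering is still pending and really links the two expected accounts, so the cross-account role is only ever used to accept the connection you asked for. It assumes boto3-style clients (`describe_vpc_peering_connections`, `assume_role`, `accept_vpc_peering_connection`); the role name in the ARN is a placeholder because the template lets CloudFormation generate it, the `pcx-` id and account ids are constructed, and the fake clients at the bottom are constructed stand-ins so the flow runs offline.

```python
"""Requester-side driver for the template's flow (added example, not the
template's own code). Assumes boto3-style clients; the fakes at the bottom
are constructed stand-ins so the logic runs offline."""
from dataclasses import dataclass


@dataclass
class PeeringCheck:
    status: str            # e.g. "pending-acceptance"
    requester_owner: str   # account that requested the peering (ours)
    accepter_owner: str    # account that has to accept it (the other one)


def describe_peering(ec2_requester, peering_id):
    """Look the connection up from the requester account's own EC2 view."""
    resp = ec2_requester.describe_vpc_peering_connections(
        VpcPeeringConnectionIds=[peering_id])
    conns = resp.get("VpcPeeringConnections", [])
    if len(conns) != 1:
        raise LookupError(f"expected one connection for {peering_id}, got {len(conns)}")
    c = conns[0]
    return PeeringCheck(c["Status"]["Code"],
                        c["RequesterVpcInfo"]["OwnerId"],
                        c["AccepterVpcInfo"]["OwnerId"])


def verify_peering(check, own_account_id, other_account_id):
    """Only the pending link between the two expected accounts may be accepted."""
    if check.status != "pending-acceptance":
        raise ValueError(f"unexpected status {check.status!r}")
    if check.requester_owner != own_account_id:
        raise ValueError("requester is not our account")
    if check.accepter_owner != other_account_id:
        raise ValueError("accepter is not the expected peer account")
    return True


def assume_accept_role(sts, role_arn, session_name="accept-vpc-peering"):
    """Step 3a: temporary credentials for the role the template creates."""
    creds = sts.assume_role(RoleArn=role_arn, RoleSessionName=session_name)["Credentials"]
    return {"aws_access_key_id": creds["AccessKeyId"],
            "aws_secret_access_key": creds["SecretAccessKey"],
            "aws_session_token": creds["SessionToken"]}


def accept_peering(ec2_requester, sts, ec2_factory, *, peering_id,
                   own_account_id, other_account_id, role_arn):
    """Check the connection, assume the cross-account role, accept (step 3b)."""
    verify_peering(describe_peering(ec2_requester, peering_id),
                   own_account_id, other_account_id)
    ec2_other = ec2_factory(**assume_accept_role(sts, role_arn))
    resp = ec2_other.accept_vpc_peering_connection(VpcPeeringConnectionId=peering_id)
    return resp["VpcPeeringConnection"]["Status"]["Code"]


def boto3_ec2_factory(region):
    """Real factory: EC2 client in the other account from the STS credentials."""
    def make(**creds):
        import boto3  # lazy import; the offline demo below never needs it
        return boto3.client("ec2", region_name=region, **creds)
    return make


# --- constructed fakes standing in for boto3 clients (offline demo only) ---
class FakeEC2Requester:
    def __init__(self, status, requester_owner, accepter_owner):
        self.conn = {"Status": {"Code": status},
                     "RequesterVpcInfo": {"OwnerId": requester_owner},
                     "AccepterVpcInfo": {"OwnerId": accepter_owner}}

    def describe_vpc_peering_connections(self, VpcPeeringConnectionIds):
        return {"VpcPeeringConnections": [self.conn]}


class FakeSTS:
    def assume_role(self, RoleArn, RoleSessionName):
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE",
                                "SecretAccessKey": "secretexample",
                                "SessionToken": "tokenexample"}}


class FakeEC2Accepter:
    def __init__(self):
        self.accepted = []

    def accept_vpc_peering_connection(self, VpcPeeringConnectionId):
        self.accepted.append(VpcPeeringConnectionId)
        return {"VpcPeeringConnection": {"Status": {"Code": "provisioning"}}}


def demo(own="111111111111", other="222222222222"):
    """Whole flow against the fakes; returns (post-accept status, accepted ids)."""
    accepter = FakeEC2Accepter()
    status = accept_peering(
        FakeEC2Requester("pending-acceptance", own, other), FakeSTS(),
        lambda **creds: accepter,
        peering_id="pcx-0123456789abcdef0",  # constructed id
        own_account_id=own, other_account_id=other,
        role_arn=f"arn:aws:iam::{other}:role/ROLE-NAME-PLACEHOLDER")
    return status, accepter.accepted


if __name__ == "__main__":
    print(demo())
```

The pre-check runs with the requester account's own `ec2:DescribeVpcPeeringConnections` permission, so the cross-account role can stay as narrow as the template makes it (only `ec2:AcceptVpcPeeringConnection`). To run it for real, pass `boto3.client("ec2")` and `boto3.client("sts")` from the requester account and `boto3_ec2_factory(region)` in place of the fakes.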