...
Trust policy for the IAM_Role_Cost_Explorer that allows the LHM LHO Application IAM Role in the app-host AWS Account to assume the cost explorer role:
Code Block |
---|
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<LHM_App_Host_AWS_Account_ID>:role/<LHM_App_IAM_Role>" }, "Action": "sts:AssumeRole", } ] } |
...
LHO application IAM Role permission policy:
Code Block |
---|
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AssumeCostExplorerRole", "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::<Databricks_Wksp_AWS_Account_Id>:role/<IAM_Role_Cost_Explorer>" } ] } |
...