Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Trust policy for the IAM_Role_Cost_Explorer that allows the LHM LHO Application IAM Role in the app-host AWS Account to assume the cost explorer role:

Code Block
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<LHM_App_Host_AWS_Account_ID>:role/<LHM_App_IAM_Role>"
            },
            "Action": "sts:AssumeRole",
        }
    ]
}

...

LHO application IAM Role permission policy:

Code Block
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AssumeCostExplorerRole",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::<Databricks_Wksp_AWS_Account_Id>:role/<IAM_Role_Cost_Explorer>"
        }
    ]
}

...