How do I access AWS instances created by other users in my organization?

Solution 1:

This is a little late, but might be useful for future readers.

The main benefits of AWS Organizations are that you can use it for consolidated billing (i.e. one bill for multiple accounts), logical groups of accounts and service control policies, which limit access to certain parts of the AWS API on the basis of a black- or a whitelist. Each account in an Organization still has its own users, roles, permissions and resources.

Short form: Organizations make it easier to manage multiple accounts, but these accounts are still isolated.

There are a few patterns to give access to resources in "child" accounts to IAM users in the root account - they mostly depend on assuming roles in the child accounts with users in the root account.

Here are some links for further research:

  • Billing Strategies for multiple Accounts
  • Tutorial: Cross Account Access

Solution 2:

I think this is a little complicated.

The best way to avoid this problem is to create the other users as IAM users; then they should share the same given resource.

In case this is already happening, as in my case:

  1. Access as root user
  2. Select IAM Menu then select Roles
  3. Create A New Role
  4. Select Another AWS Account as your trusted entity
  5. Set Access Permission for that account to access your resources, such as S3FullAccess.

These steps should work. Reference:

  • Tutorial: Cross Account Access
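
The two policy documents behind steps 3 to 5, as an added example that is not part of either answer: the trust policy on the role in the resource-owning account, the identity policy the calling user needs in the trusted account, and a small check that flags trust statements broader than necessary. The account IDs, role name and user name are constructed placeholders, and the MFA condition is an assumption about how you would want to restrict the role.

```python
import json

# Constructed placeholder values; none of them come from the page.
TRUSTED_ACCOUNT = "111111111111"    # account whose IAM users sign in
RESOURCE_ACCOUNT = "222222222222"   # account that owns the instances
ROLE_NAME = "CrossAccountAccess"    # hypothetical role name

def build_trust_policy(trusted_account, users=None, require_mfa=True):
    """Trust policy for step 4: who may call sts:AssumeRole on the role."""
    if users:  # trust named IAM users only
        arns = [f"arn:aws:iam::{trusted_account}:user/{u}" for u in users]
    else:      # trust the whole account; its admins decide who may assume
        arns = [f"arn:aws:iam::{trusted_account}:root"]
    stmt = {"Effect": "Allow", "Principal": {"AWS": arns},
            "Action": "sts:AssumeRole"}
    if require_mfa:
        stmt["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def build_caller_policy(resource_account, role_name):
    """Identity policy for the user in the trusted account (the other half)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Resource": f"arn:aws:iam::{resource_account}:role/{role_name}"}]}

def review_trust_policy(policy):
    """Return findings for trust statements broader than they need to be."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        for arn in [aws] if isinstance(aws, str) else aws:
            if arn == "*":
                findings.append("wildcard principal: any AWS account is trusted")
            elif arn.endswith(":root") or arn.isdigit():
                findings.append(f"account-wide principal: {arn}")
        if "Condition" not in stmt:
            findings.append("no Condition (for example MFA) on the trust statement")
    return findings

if __name__ == "__main__":
    strict = build_trust_policy(TRUSTED_ACCOUNT, users=["alice"])
    loose = build_trust_policy(TRUSTED_ACCOUNT, require_mfa=False)
    print(json.dumps(strict, indent=2))
    print(json.dumps(build_caller_policy(RESOURCE_ACCOUNT, ROLE_NAME), indent=2))
    print(review_trust_policy(strict), review_trust_policy(loose))
```

Both halves are required: the role's trust policy names the caller, and the caller's own policy allows `sts:AssumeRole` on that role's ARN. The permissions attached in step 5 are a separate, third document and are best scoped to what the users actually need.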