AWS Ops Automator

Appendix B: Cross-Account Role ARN File

For customers who want to perform tasks on resources in a large number of secondary accounts, the AWS Ops Automator supports adding cross-account roles in bulk from a text file that lists the Amazon Resource Names (ARNs) of the cross-account roles.

To use this feature, you must create a text file for each specific task in the TaskRoles folder in this solution’s Amazon Simple Storage Service (Amazon S3) bucket. Each file must contain a list of the cross-account ARNs for the specific task. Each cross-account role ARN must be on its own line. Empty lines and lines starting with # (comments) will be ignored. You must also save the text file as the exact name of the task.

    # CreateSnapshot cross account roles

    # test account
    arn:aws:iam::111122223333:role/CreateSnaphotRole

    # acceptance accounts
    arn:aws:iam::444455556666:role/CreateSnaphotRole
    arn:aws:iam::123456789012:role/CreateSnaphotRole

    # production accounts
    arn:aws:iam::777788889999:role/CreateSnaphotRole
    arn:aws:iam::000000000000:role/CreateSnaphotRole
    arn:aws:iam::111111111111:role/CreateSnaphotRole

Figure 3: Sample cross-account role ARN list file
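
A pre-upload check for such a file, as an added example that is not part of the AWS Ops Automator solution: it applies the rules above (one ARN per line, blank and # lines ignored) and reports every line that would hand the task an unintended or malformed role. The function name `lint_task_roles`, the duplicate check, and the whitespace handling are assumptions of this example; the sample input is constructed.

```python
import re

# IAM role ARN: arn:<partition>:iam::<12-digit account id>:role/<optional path/><name>
ROLE_ARN = re.compile(r"arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role/([\w+=,.@/-]+)")


def lint_task_roles(text):
    """Return (roles, errors) for the contents of one TaskRoles file.

    roles  -> list of (account_id, arn) for every accepted line
    errors -> list of (line_number, message) for every rejected line
    """
    roles, errors, seen = [], [], {}
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()  # assumption: surrounding whitespace is not significant
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are ignored, as the page states
        match = ROLE_ARN.fullmatch(line)
        if match is None:
            errors.append((number, "not a single IAM role ARN: %r" % line))
            continue
        if line in seen:  # assumption: a repeated ARN is a copy-paste mistake
            errors.append((number, "duplicate of line %d" % seen[line]))
            continue
        seen[line] = number
        roles.append((match.group(2), line))
    return roles, errors


# Constructed sample for a task named CreateSnapshot, with three deliberate mistakes.
SAMPLE = """\
# CreateSnapshot cross account roles

# test account
arn:aws:iam::111122223333:role/CreateSnaphotRole

# acceptance accounts
arn:aws:iam::444455556666:role/CreateSnaphotRole arn:aws:iam::123456789012:role/CreateSnaphotRole
arn:aws:iam::77778888999:role/CreateSnaphotRole
arn:aws:iam::111122223333:role/CreateSnaphotRole
"""

if __name__ == "__main__":
    roles, errors = lint_task_roles(SAMPLE)
    for account, arn in roles:
        print("ok  ", account, arn)
    for number, message in errors:
        print("line", number, message)
```

Reviewing the accepted account IDs against the list of accounts the task is meant to reach is the useful step before the file goes into the TaskRoles folder.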