To verify that WorkSpaces Manager has access to resources in multiple accounts, we will use the AWS CLI.

First, install AWS CLI v2 on the WorkSpaces Manager server. The process is fully defined here ( For Windows, from a PowerShell session with admin rights, run:

msiexec.exe /i

The installation wizard takes 2-3 minutes to complete.

To confirm the installation, from a new command prompt or PowerShell session, run the command:
aws --version

Since the WorkSpaces Manager server has an EC2 role assigned that grants it some permissions, from a new PowerShell window we will run the command:
aws s3 ls

To test this across multiple accounts, we need to modify the .aws/credentials file in our user profile by running the command:
aws configure

A menu will ask for some details:
AWS Access Key ID: keep blank
AWS Secret Access Key: keep blank
Default region name: use yours (in our case eu-central-1)
Default output format: json (recommendation)

This will create a new directory called .aws that can be seen with the commands:
cd .aws

There will be a file “config” created, so we need to manually create a file called “credentials” with the command:
New-Item credentials

We will edit the file by typing the command:
notepad credentials
This will open the text editor, where we enter the following:
[default]
region = eu-central-1
output = json

[remote]
role_arn = arn:aws:iam::222222222222:role/AllowWSMAccess
credential_source = Ec2InstanceMetadata

We will verify our role with command:
aws sts get-caller-identity

Finally, we can check the permissions on the local account by running command:
aws s3 ls

And remotely:
aws s3 ls --profile remote

If you receive a message that the role could not be assumed, review the steps above to ensure that everything is properly configured.
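
The get-caller-identity check above runs without a profile, so it reports only the instance role. The following PowerShell script is an added example (not part of the original guide or of WorkSpaces Manager) that also confirms which identity the remote profile resolves to. The account ID, role name and profile name are taken from the credentials file above; the helper name Get-WsmCallerIdentity is hypothetical.

```powershell
# Added example. Expected values come from the credentials file shown above.
$ExpectedAccount = '222222222222'
$ExpectedRole    = 'AllowWSMAccess'
$RemoteProfile   = 'remote'

# Hypothetical helper: returns the parsed get-caller-identity result.
function Get-WsmCallerIdentity {
    param([string]$ProfileName)
    $cliArgs = @('sts', 'get-caller-identity', '--output', 'json')
    if ($ProfileName) { $cliArgs += @('--profile', $ProfileName) }
    $raw = & aws @cliArgs   # CLI error text is left on the console
    if ($LASTEXITCODE -ne 0) {
        throw "get-caller-identity failed (profile: '$ProfileName')"
    }
    return ($raw | Out-String | ConvertFrom-Json)
}

$instanceIdentity = Get-WsmCallerIdentity
$remoteIdentity   = Get-WsmCallerIdentity -ProfileName $RemoteProfile

# An assumed role is reported as
# arn:aws:sts::<account>:assumed-role/<role>/<session-name>
$expectedArn = '^arn:aws:sts::{0}:assumed-role/{1}/' -f `
    $ExpectedAccount, [regex]::Escape($ExpectedRole)

$problems = @()
if ($remoteIdentity.Account -ne $ExpectedAccount) {
    $problems += "Profile '$RemoteProfile' resolved to account " +
                 "$($remoteIdentity.Account), expected $ExpectedAccount"
}
if ($remoteIdentity.Arn -notmatch $expectedArn) {
    $problems += "Profile '$RemoteProfile' is not running as role " +
                 "$ExpectedRole (Arn: $($remoteIdentity.Arn))"
}
if ($remoteIdentity.Arn -eq $instanceIdentity.Arn) {
    $problems += "Profile '$RemoteProfile' returned the instance role identity"
}

"Instance role : $($instanceIdentity.Arn)"
"Remote profile: $($remoteIdentity.Arn)"
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    "Cross-account role assumption verified."
}
```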

