We operate in an environment where our SnapLogic snaplex is in one AWS account (the trusted AWS account) and our S3 resources are in other AWS accounts (the trusting AWS accounts).
In most of our AWS S3 accounts we have ‘IAM role’ enabled. Prior to the introduction of the “Cross Account IAM” capability, we implemented cross-account access by adding a resource-based policy (i.e., an S3 bucket policy) that granted access on the bucket to the principal in the trusted AWS account (where the SnapLogic groundplex nodes are). What are the pros and cons of using the “Cross Account IAM” capability, which is a role for cross-account access, vs. using the resource-based policy?
In cases where we use an access-key ID and secret key, a similar question: why use the “Cross Account IAM” capability when you could use a resource-based policy to grant the access?
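
The two grant styles the question compares, written out as policy documents. This is an added example, not part of the original post: the account IDs (111111111111 for the trusted account, 222222222222 implied for the trusting account that owns the bucket and role), the role name `snaplex-node-role`, the bucket name `example-bucket`, and the chosen S3 actions are placeholders, and the top-level keys are only labels for the three separate documents.

```json
{
  "_note": "constructed example; IDs, role and bucket names are placeholders",
  "bucket_policy_on_example_bucket": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "AllowTrustedAccountPrincipal",
        "Effect": "Allow",
        "Principal": { "AWS": "arn:aws:iam::111111111111:role/snaplex-node-role" },
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-bucket/*"
      }
    ]
  },
  "cross_account_role_trust_policy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": { "AWS": "arn:aws:iam::111111111111:role/snaplex-node-role" },
        "Action": "sts:AssumeRole"
      }
    ]
  },
  "cross_account_role_permissions_policy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-bucket/*"
      }
    ]
  }
}
```

In both forms the principal in the trusted account also needs an identity-based policy of its own: one allowing the S3 actions on the bucket for the bucket-policy form, and one allowing `sts:AssumeRole` on the role's ARN for the role form.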