Approaches presented herein can provide for end-to-end auditing of cross-account roles. A user associated with a first account might request some degree of access to resources associated with a second account. A role can be assumed by that user that delegates access to those resources, and the user can be issued temporary credentials to obtain the access. In order to provide for full auditing of these cross-account roles, calls that assume a role in one account can be linked to resource-related calls under a different account, which can include a third party account. Information can be obtained from both accounts that can be linked using an identifier provided to each environment as part of the role assumption. The linking can provide a full audit chain from end user to resource access across the separate accounts.
展开▼
