Consider a hypothetical organization, XYZ Corp, with multiple AWS account IDs: IT – 123456789012 and Prod – 112233445566.

Figure 1. Cross-Account Assume Role

In a general deployment, XYZ Corp would require an Access Key ID and Secret Access Key for each account to create an NSX Advanced Load Balancer Service Engine cloud in AWS. Sharing the AWS access keys for the respective accounts would be a security concern.

In addition, it would be cumbersome to track and update all the keys. Instead, AWS IAM roles can be used in every account. The IAM roles feature provides access to AWS resources or APIs across AWS accounts.
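
As an added example (not from the original page or the product's own code), the Python check below audits the trust policy attached to a cross-account role and flags any statement that would let an account other than the intended one assume it. It assumes the role lives in the Prod account and is assumed from the IT account, a direction the text does not state; the policy documents and the helper names are constructed for illustration.

```python
import json

# Account ID is the page's; that IT is the caller is an assumption.
IT_ACCOUNT = "123456789012"  # assumed: account whose identity calls sts:AssumeRole

def trust_policy(principal):
    """Build a constructed trust policy for a hypothetical role in Prod (112233445566)."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": principal,
                       "Action": "sts:AssumeRole"}],
    })

def _as_list(value):
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Return the 12-digit account ID of an IAM principal (ARN or bare ID), else None."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    if len(parts) >= 6 and parts[0] == "arn" and parts[2] == "iam":
        return parts[4]
    return None

def audit_trust_policy(policy_json, trusted_accounts):
    """List findings for statements that let anyone outside trusted_accounts assume the role."""
    findings = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        # A bare string principal is only valid as "*"; treat it like an AWS entry.
        aws = [principal] if isinstance(principal, str) else _as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append("wildcard principal: any AWS account may assume the role")
            elif principal_account(p) not in trusted_accounts:
                findings.append(f"principal outside trusted accounts: {p}")
    return findings

if __name__ == "__main__":
    scoped = trust_policy({"AWS": f"arn:aws:iam::{IT_ACCOUNT}:root"})
    print(audit_trust_policy(scoped, {IT_ACCOUNT}))                      # scoped to IT only
    print(audit_trust_policy(trust_policy({"AWS": "*"}), {IT_ACCOUNT}))  # overly broad
```
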