AWS allows users of one AWS account to assume roles in other AWS accounts, allowing you to log into one account, assume a role in another account, and issue API commands as if you had signed into the second account. This means all users can sign into one central account, then assume the roles of other accounts based on a job role.
- Create an S3 policy with the required permissions (see this article).
- Create a role within AWS that uses the above policy.
- Assign this role a trusted relationship with "