Cross-Account Access

Is it possible to access AWS resources located outside of localstack? I’m attempting to use the IoT Core MQTT broker in another AWS account that I currently have. I’ve attached the following policies to my lambda like I usually do in my SAM template:

  - AWSIoTDataAccess
  - AWSIoTEventsFullAccess
  - AWSIoTFullAccess

But I get a “Forbidden” error when I use the IoT Data AWS SDK in my lambda code. I assume this is a permissions issue that I need to fix, but I’m not sure how localstack handles access of AWS resources outside of localstack. What do I need to include in the CloudFormation template to give my lambda the correct permissions to access the AWS resources belonging to another AWS account?

Hi @hkaiser, a LocalStack instance can’t access resources outside of its own, including other LocalStack instances or AWS. It is however possible to have cross-account setups within LocalStack.

You can find the details at Cross-Account and Cross-Region Access | Docs (