Tracking what's going on in an AWS account is relatively straightforward but things get more complex when you're trying to work across multiple accounts. That can happen when different parts of the business sign up to separate accounts. Jigar Mistry has put together a guide on securely analysing data from one AWS account from another account using EMRFS (Elastic MapReduce File System).
Jigar Mistry's guide describes how to use a custom credentials provider to access S3 objects that cannot be accessed by the default credentials provider of EMRFS.
It explains how EMRFS obtains credentials to sign API calls to S3, how you can implement a custom credentials provider for EMRFS to access objects in an S3 bucket that otherwise could not be accessed using the default credentials provider and how to configure cross-account S3 API access and use EMRFS to provide custom credentials.
"This enables your big data applications running on EMR to access data stored in an S3 bucket belonging to a different account," Mistry explains.
There's a detailed walk-through that describes everything you need to know from identifying a credentials provider, through to account creation and configuration, and final implementation.