Combined Access Overview

You sometimes don’t want to permit EC2 instances to assume the role due to security or other considerations. Then, you can leverage the combined access method.

As depicted in the following diagram, we use key-based access to access the gateway account. The created user can assume the role in the monitored accounts. This way, you can install the Front Server anywhere if it has access to the AWS website.