Stop Getting 'Access Denied': Fixing Cross-Account Access in AWS with IAM STS
Tags: How-To, DevOps

via Dev.to, by David Omokhodion

If you've ever worked in a multi-account AWS environment, you've probably hit the dreaded AccessDenied error when trying to access resources across accounts. Whether it's sharing data between dev and prod accounts, aggregating logs to a central security account, or enabling cross-team collaboration, cross-account access is essential, but it's also where many engineers struggle.

In this post, I'll show you exactly how to implement secure cross-account resource access using AWS Identity and Access Management (IAM) together with AWS Security Token Service (STS), with a real-world example: a Lambda function that tracks the International Space Station's location and stores the data in an S3 bucket in a different AWS account.

Prerequisites
- Have Terraform installed
- Have access to 2 AWS accounts

🏗️ The Architecture
Here's what we're building:

Account A (Source):
- Lambda function that fetches ISS position data
- IAM execution role with permission to assume a role in Account B
- EventBridge trigger (runs every 5
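The two-account IAM wiring the excerpt describes, written in Terraform (the article's stated tool) as an added example that is not the article's own code: account IDs, role and bucket names, and the two provider aliases (aws.account_a, aws.account_b) are assumptions. It shows the two pieces that must both exist to avoid AccessDenied, with each side scoped to the single role or bucket it needs.

```hcl
# Added example, not the article's code; IDs and names are placeholders, provider aliases aws.account_a / aws.account_b assumed.
locals {
  account_b_id = "222222222222"                  # placeholder destination account
  bucket_name  = "example-iss-positions-bucket"  # placeholder bucket in Account B
  target_role  = "iss-tracker-s3-writer"
}

# Account A: Lambda execution role.
resource "aws_iam_role" "lambda_exec" {
  provider = aws.account_a
  name     = "iss-tracker-lambda-exec"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole",
                   Principal = { Service = "lambda.amazonaws.com" } }]
  })
}

# Account A: the execution role may assume exactly one role in Account B.
resource "aws_iam_role_policy" "lambda_assume_target" {
  provider = aws.account_a
  role     = aws_iam_role.lambda_exec.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole",
                   Resource = "arn:aws:iam::${local.account_b_id}:role/${local.target_role}" }]
  })
}

# Account B: target role whose trust policy names the Account A role ARN, not the whole Account A root.
resource "aws_iam_role" "s3_writer" {
  provider = aws.account_b
  name     = local.target_role
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole",
                   Principal = { AWS = aws_iam_role.lambda_exec.arn } }]
  })
}

# Account B: the assumed role can only write objects into the one bucket.
resource "aws_iam_role_policy" "s3_writer_put" {
  provider = aws.account_b
  role     = aws_iam_role.s3_writer.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "s3:PutObject",
                   Resource = "arn:aws:s3:::${local.bucket_name}/*" }]
  })
}
```

AccessDenied appears when either half is missing: the Account A policy granting sts:AssumeRole on the target ARN, or the Account B trust policy naming the Account A role. Because the objects are written by a role that lives in Account B, they are owned by Account B, which sidesteps the cross-account object-ownership problems that direct writes from Account A would raise.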

Continue reading on Dev.to
