For STS role authentication, depending on where the guest instance and the access nodes (proxies) reside, you can configure a virtualization client (hypervisor) for AWS to use a separate admin account or a tenant account.
-
To authenticate by using the admin account ARN, if the access node and the guest instance are in the same account, see Authenticating with Admin Account ARN.
-
To authenticate by using the tenant account ARN, if the access node is in the admin account and the guest instance is in the tenant account, see Authenticating with Tenant Account ARN.