You can configure an Amazon EC2 hypervisor (which represents an AWS account) for STS role authentication, if the access node and the guest instance are in the same Amazon account.
STS role authentication allows an AWS admin IAM user/role to assume the permissions of an AWS tenant IAM user/role.
You can use the following deployment methods:
-
Single account: The access node and the guest instance can be in the same AWS account.
-
Multi-account: The access node and the guest instance can be in separate AWS accounts.