Home
Blog
Product
November 6, 2023
2
min

Stream.Security introduces Cross Accounts connections via assume role

Explore how Stream Security can help you gain control over existing cross account connections and design risk free configuration changes...
Michael Schwartz
No items found.
IAM Role
IAM Role
EC2
EC2
S3 Bucket
S3 Bucket

TL;DR

Overview

As a DevOps engineer, there are cases where you need to provide cross-account access to the objects in your AWS account.
If you want to achieve that, you can use the cross-account assumption of IAM roles or resource-based policies. However, there are several problems when implementing these methods:

  • It is difficult to keep track of which resources have access to the various roles when managing multiple accounts
  • Provide the exact required IAM permissions to the user or the resource without being too over permissive, or not providing the appropriate permissions
  • Maintenance and staying in control : it is difficult to maintain all the various cross account relationships and resources when more and more resources and users are constantly being added to these accounts

With Stream Security, you can eliminate all of the above concerns and gain control of your cross-account access! Now we supports all methods of cross-account assume role, and will help you understand which resources and even users have access to another account, via which configuration.

Start using Stream Security to gain control over your existing infrastructure and design changes easily, and risk-free.

Cross-Account IAM-Roles

Cross-account IAM Roles are used to define access to resources within a single account, but they are not restricted to a single account. For example, The EC2 servers in your staging environment can safely get access to an S3 bucket in production by using a properly defined role to do so. Cross-account Role is the right tool to comply with best practices and simplify credential management, as it eliminates the need to manage third party credentials.

Cross account connection via assuming role policy

‍Cross account Resource-based Policies

With Resource-based policies, you can also grant cross-account access to your resources. Instead of using a role as a proxy, you can attach a policy directly to the resource you want to share. The resource that you want to share must support resource-based policies.

A resource-based policy with cross-account access has an advantage over a role-based policy. If a resource is accessed via a resource-based policy, the user still works in the trusted account and does not have to give up its user permissions in place of its role permissions. In other words, the user continues to have access to resources in the trusted account at the same time as he has access to the resource in the trusting account. This is useful for tasks such as copying information to or from the shared resource in the other account.

Resource cross-account inline policy

Cross account connection via resource based inline policy

Click here to Start your free trial now!

About Stream Security

Stream Security is an AI Detection & Response (AI DR) company built for the era of AI-driven environments across cloud, on-prem, and SaaS. As AI agents operate with real permissions and attackers move at machine speed, Stream enables security teams to keep pace by continuously computing a real-time, deterministic model of their entire environment. Powered by its CloudTwin® technology, Stream instantly understands the full impact of every action across identities, permissions, networks, and resources, allowing organizations to detect, prioritize, and safely respond to threats before they propagate. This transforms security from reactive detection into a true control plane for modern infrastructure.

Michael Schwartz
Related Articles
All
Product
articles >
Stream x Microsoft 365: Smarter, SaaS-Aware Threat Detection
Product
Stream x Microsoft 365: Smarter, SaaS-Aware Threat Detection
Stream now integrates with Microsoft 365 to cover Entra ID, DLP, SharePoint, Teams, Outlook, and OneDrive for unified, SaaS-aware threat detection.Get real-time visibility across identity, chat, files, and mail and detect token abuse, malicious OAuth apps, Teams-based phishing, and abnormal file activity from a single view.
Stream Team
Nov 10, 2025
3
min
Stream x Salesforce: Advanced Threat Detection to Stop the Next Drift-Style Breach
Product
Stream x Salesforce: Advanced Threat Detection to Stop the Next Drift-Style Breach
Stream now integrates with Salesforce for advanced threat detection. The integration provides in-depth detection capabilities that will help you catch Salesforce breaches in real time, including the recent Salesloft Drift compromise.
Asaf Haski
Sep 8, 2025
4
min
Stream x Snowflake: Extending Detection to DBaaS
Product
Stream x Snowflake: Extending Detection to DBaaS
Stream now integrates Snowflake audit logs directly into our SaaS and cloud detection framework. By including Snowflake activity as part of SaaS-sourced signals, we give SecOps teams complete visibility into how threats unfold across the chain of services connected to the cloud. This unified view closes the gaps that attackers target to ensure Snowflake is protected not just in isolation, but as part of the bigger cloud story.
Asaf Haski
Aug 28, 2025
6
min

We wouldn’t believe it either.

Get a demo