I have an organization with 4 accounts.
- Management/organization: 000000000000
- Common: 111111111111
- Dev: 222222222222
- Prod: 333333333333
I have configured an OpenID Connection with GitHub Actions (GHA) in the IAM of the Management account.
I would like to set up the following structure, the GHA communicates with the Management account. In the Management account there is a role that allows the GHA to access the Common and Dev accounts.
In other words, instead of me having roles in the Common and Dev accounts that allow my Management account to access resources from the Common and Dev accounts. I would like the opposite scenario, my Management account that has the roles to access Common and Dev.
Is it possible to centralize all my functions and policies in the Management account and then my Management account provides access to my "sub accounts"?