AWS Multi-Account Access Authorization
When you add an AWS Multi-Account Access card to a flow for the first time, you'll be prompted to configure the connection to the relevant AWS IAM Identity Center account. After saving your account information you'll be able to reuse the connection for future AWS Multi-Account Access flows.

Tip
You can create multiple connections and manage them from your Connections page.
To create a new connection from an action card:
-
Click New Connection.
-
Enter a Connection Nickname. This is useful if you plan to create multiple AWS IAM Identity Center connections to share with your team.
-
Copy the ID from Account ID to the associated role's trust policy. See Providing access to AWS accounts owned by third parties.
-
Copy the ID from External ID the associated role's trust policy. See Providing access to AWS accounts owned by third parties.
-
Enter a Role Amazon Resource Name (ARN). See IAM Identifiers.
-
Click Create.

The role you create for AWS Multi-Account Access operations must have an IAM policy attached to it that allows the actions in the following policy example:
{
"Version": "2012-10-17",
"Statement":
[
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action":
[
"sso:ListAccountAssignments",
"organizations:ListAccounts",
"sso:ListPermissionSets",
"sso:CreateAccountAssignment",
"sso:ListInstances",
"sso:DeleteAccountAssignment",
]
"Resource": "*"
}
]
}