Update cross-account docs

localstack · Nov 3, 2023 · 58899f3 · 58899f3
1 parent bc8fb5a
commit 58899f3
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 6 deletions.
diff --git a/content/en/references/credentials.md b/content/en/references/credentials.md
@@ -5,7 +5,7 @@ categories: ["LocalStack"]
 tags: ["access-key-id", "secret-access-key", "account-id"]
 weight: 50
 description: >
-  Credentials for accessing LocalStack services
+  Credentials for accessing LocalStack AWS API
 ---
 
 Like AWS, LocalStack requires access key IDs to be set in all operations.
@@ -14,12 +14,12 @@ Values of secret access keys are currently ignored by LocalStack.
 
 Access key IDs can be one of following patterns:
 
-### Accounts IDs
+## Accounts IDs
 
 You can specify a 12-digit number which will be taken by LocalStack as the account ID.
 For example, `112233445566`.
 
-### Structured access key ID
+## Structured access key ID
 
 You can specify a structured key like `LSIAQAAAAAAVNCBMPNSG` (which translates to account ID `000000000042`).
 This must be at least 20 characters in length and must be decodable to an account ID.
@@ -34,7 +34,9 @@ Disabling the access key safeguard and using production access key IDs may cause
 We strongly recommend leaving it on.
 {{< /alert >}}
 
-### Alphanumeric string
+Please refer to the [IAM docs]({{< ref "user-guide/aws/iam" >}}) to learn how to create access keys in LocalStack.
+
+## Alphanumeric string
 
 You can also specify an arbitrary alphanumeric access key ID like `test` or `foobar123`.
-In all such cases, the account ID will be evalutated to `000000000000`.
+In all such cases, the account ID will be evaluated to `000000000000`.
diff --git a/content/en/references/cross-account-access.md b/content/en/references/cross-account-access.md
@@ -17,9 +17,48 @@ Cross-account support in LocalStack is being actively developed.
 Please report any issues on our [GitHub issue tracker](https://github.com/localstack/localstack/issues/new/choose).
 {{< /alert >}}
 
+Cross-account/cross-region access happens when a client attempts to access a resource in another account or region than what it is configured with:
+
+{{< command >}}
+#
+# Create a queue in one account and region
+#
+
+$ AWS_ACCESS_KEY_ID=111111111111 awslocal sqs create-queue \
+    --queue-name my-queue \
+    --region ap-south-1
+{
+    "QueueUrl": "http://sqs.ap-south-1.localhost.localstack.cloud:443/111111111111/my-queue"
+}
+
+#
+# Set some attributes
+#
+
+$ AWS_ACCESS_KEY_ID=111111111111 awslocal sqs set-queue-attributes \
+    --attributes VisibilityTimeout=60 \
+    --queue-url http://sqs.ap-south-1.localhost.localstack.cloud:443/111111111111/my-queue \
+    --region ap-south-1 
+
+#
+# Retrieve the queue attribute from another account and region.
+# The required information for LocalStack to locate the queue is available in the queue URL.
+#
+
+$ AWS_ACCESS_KEY_ID=222222222222 awslocal sqs get-queue-attributes \
+    --attribute-names VisibilityTimeout \
+    --region eu-central-1 \
+    --queue-url http://sqs.ap-south-1.localhost.localstack.cloud:443/111111111111/my-queue
+{
+    "Attributes": {
+        "VisibilityTimeout": "60"
+    }
+}
+{{< /command >}}
+
 ## Cross-Account
 
-Resources that can be accessed across multiple accounts are always identified by their Amazon Resource Names (ARNs).
+Resources that can be accessed across accounts are identified by their Amazon Resource Names (ARNs) or other schemes such as SQS Queue URLs.
 The full list of resources and operations that allow cross-account access are listed below.
 
 {{< alert title="Note">}}