An organization has multiple AWS accounts to isolate a development environment from a testing orproduction environment. At times the users from one account need to access resources in the otheraccount, such as promoting an update from the development environment to the productionenvironment. In this case the IAM role with cross account access will provide a solution. Crossaccount access lets one account share access to their resources with users in the other AWSaccounts. Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf