Cross-account analyses for Reachability Analyzer

Reachability Analyzer analyzes the path between a source and destination. To analyze paths across multiple AWS accounts, enable trusted access for Reachability Analyzer with your organization from AWS Organizations. You can also register member accounts as delegated administrator accounts. A user in the management account can define paths and run analyses using sources and destinations from any account in the organization. A user in a delegated administrator account can define paths and run analyses using sources and destinations from any account in the organization other than the management account, plus any resources in the management account that were explicitly shared with the delegated administrator account.

For more information, see Visualize and diagnose network reachability across AWS accounts.

Pricing

There is no additional charge to run cross-account analyses.

Considerations

Before accounts in the organization can use this feature in an opt-in Region, the management account must enable the opt-in Region. For more information, see Enable a Region in your organization in the AWS Account Management Guide.
The accounts in the organization must be able to make calls to the AWS CloudFormation API in US East (N. Virginia) (us-east-1).
AWS CloudTrail logs are always written to US East (N. Virginia) (us-east-1).

Tasks

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Additional detail codes

Enable trusted access