You can use an assume role for existing Identity and Access Management (IAM) users to access AWS resources that they don't already have access to or to access resources in another AWS account. To configure an assume IAM role and enable the same account or cross-account API access, you need to establish a trust relationship between the two accounts.
You can use the following process to establish a trust relationship between an existing IAM user account and other AWS accounts:
Create a trusting entity. A trusting entity is an account that owns the Amazon S3 bucket and has an IAM Role to be assumed.
Create a trusted entity. A trusted entity is an account where the IAM user is managed.
Use the AWS Security Token Services (STS) to generate the temporary session credentials through assume role.