diff --git a/tidb-cloud/premium/tidb-cloud-auditing-premium.md b/tidb-cloud/premium/tidb-cloud-auditing-premium.md index ff903b5cfe250..da01176f3cdc6 100644 --- a/tidb-cloud/premium/tidb-cloud-auditing-premium.md +++ b/tidb-cloud/premium/tidb-cloud-auditing-premium.md @@ -177,6 +177,51 @@ For more information, see [Create a bucket](https://www.alibabacloud.com/help/en 5. Copy the **Role ARN** (for example: `acs:ram:::role/tidb-cloud-audit-role`) for later use. + +**Cross-Account OSS Bucket Configuration** + +If the OSS bucket storing the audit logs and the role accessing the OSS bucket are in different cloud accounts, the configuration process is slightly different. + +**1. RAM Policy Configuration** +When creating the RAM policy, you need to add the information of User Account 2 in the Resource field. Define the policy using the following JSON script: + +```json +{ + "Version": "1", + "Statement": [ + { + "Effect": "Allow", + "Action": "oss:PutObject", + "Resource": "acs:oss:oss-::/*" + } + ] +} +``` + +**2. Bucket Policy Configuration** +In addition, you also need to configure a Bucket Policy on the destination OSS bucket to allow the assumed role from the different account to access it. Use the following configuration: + +```json +{ + "Version": "1", + "Statement": [ + { + "Action": [ + "oss:GetObject" + ], + "Effect": "Allow", + "Principal": [ + "arn:sts:::assumed-role//*" + ], + "Resource": [ + "acs:oss:*::/*" + ] + } + ] +} +``` + + #### Step 3. Enable audit logging In the TiDB Cloud console, go back to the **Database Audit Log Storage Configuration** dialog where you got the TiDB Cloud account ID, and then take the following steps:
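Review bot: the bucket policy in this hunk allows only `oss:GetObject`, while the RAM policy immediately above it grants `oss:PutObject`, which is the permission the audit-log writer actually needs; with GetObject alone the assumed role from the other account still cannot write audit logs into the bucket. Suggest making the two consistent, e.g. `"Action": ["oss:PutObject"]` in the bucket policy, adding GetObject only if reading the logs back through this role is intended. The placeholders also look lost: `acs:oss:oss-::/*`, `arn:sts:::assumed-role//*` and `acs:oss:*::/*` all have empty account, bucket and role segments (probably angle-bracket placeholders stripped as HTML), and the prose says to "add the information of User Account 2 in the Resource field" while the JSON shows no account placeholder at all, so spell out the account-id, bucket-name and role-name placeholders explicitly and use the `acs:` prefix for the principal, as the rest of the page does for ARNs (for example the `acs:ram:::role/tidb-cloud-audit-role` just above). Finally, the bold "1. RAM Policy Configuration" / "2. Bucket Policy Configuration" labels would read better as headings in the surrounding `#### Step N.` style.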