Reputation: 2274
I have set up IAM permissions for a certain group to only have read-only access to S3; however, the group can still see all the other services in the management console and go into them. As soon as the user tries to do something, a message will read "Not authorised" and so on; however, I would like this group to only see the one service in the management console.
So when a user from this group logs in, all they see is S3.
How is this possible?
Upvotes: 2
Views: 1433
Reputation: 64741
Hiding services from the AWS Management Console is not possible right now, unfortunately. AWS is currently redesigning the console though, and this might include such options down the road as per the respective FAQ "Why are you changing the console design?":
Our goal is to improve information display, make interactions more consistent, support devices such as tablets, and deliver a customizable experience. You will see these improvements and visual updates rolled out across our services over the coming months. [...] [emphasis mine]
However, at this point the mentioned customizable experience likely only refers to the recently introduced Resource Groups and Tagging for AWS, which allow you to easily create, maintain, and view a collection of resources that share common tags:
[...] By default, the AWS Management Console is organized by AWS service. But with the Resource Groups tool, you can create a custom console that organizes and consolidates the information you need based on your project and the resources you use. If you manage resources in multiple regions, you can create a resource group to view resources from different regions on the same screen. [emphasis mine]
Based on this new cross-region Resource Groups approach, it is indeed possible to create and share a resource group that is constrained to the resource type S3 Buckets (i.e. the initial view would be limited to just S3 buckets) - however, just like with the regular console view, this doesn't prevent your users from roaming freely around other areas of the console by themselves, i.e. you cannot enforce the desired limitation, rather only guide in this direction.
Upvotes: 4
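Because the console cannot hide services, the group's IAM policy is the only thing that actually limits these users. The following is an added example, not part of the original question or answer: it audits a policy document offline and flags every Allow statement that reaches beyond read-only S3. The sample policy, the allow-list and the function names are constructed for illustration.

```python
import fnmatch
import json

# Constructed sample policy for the group (not taken from the original post).
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"}
  ]
}
""")

# Assumed allow-list: prefix patterns the read-only group is meant to hold.
READ_ONLY_S3 = ("s3:get*", "s3:list*")


def as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def within_allow_list(action):
    """Conservative subset check: the action pattern, taken literally, must
    fall under an allowed prefix pattern. IAM action names are case-insensitive."""
    name = action.lower()
    return any(fnmatch.fnmatchcase(name, allowed) for allowed in READ_ONLY_S3)


def audit(policy):
    """Return (statement index, action, reason) for each over-broad grant."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((i, "NotAction", "allows all but the listed actions"))
            continue
        for action in as_list(stmt.get("Action", [])):
            if not within_allow_list(action):
                findings.append((i, action, "outside read-only S3"))
    return findings


if __name__ == "__main__":
    for index, action, reason in audit(SAMPLE_POLICY):
        print(f"Statement {index}: {action} ({reason})")
```
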