Reputation: 775
AWS - Create an independent sandbox for an existing IAM user
I am trying to create a new project inside my organization that is going to have his own budget. I am trying to have an independent project inside my organization called sanbox-aws-de with it's own budget and the owner of this project would be [email protected] (I just want him to be able to loggin into that project, create resources and delete resources)
This is the current overview of my organization on AWS (I changed project names, IDs and emails):
I recently created a new project called sanbox-aws-de. I want the owner of this new project to be John Doe ([email protected]). When I tried to create the project sanbox-aws-de with [email protected], it did not work because "the email already exists".
So what I have done is I created the account as [email protected]. The new project was successfully created but I am not sure it's what I am looking for and not sure what would be the correct way to loggin.
I tried to loggin into the new account as John Doe but it did not work:
How can I create a simple independent project for John Joe with his own budget for the project?
Upvotes: 2
Views: 699
Answers (1)
Reputation: 1722
The console you have open (in the last screenshot) is for IAM Users, but you are attempting to sign in with the root account credentials (which are based on the email address you used to create the account).
It sounds like you want to sign in as an IAM User in the new account you have created. To do this need to create an IAM User in that account. You need to assume a role in the new account, or sign in with the root credentials (i.e. the email [email protected] and password), and then create the IAM User.
You can get to the root user sign in via the "Sign in using root user email" link below the sign in button in your screenshot. If you don't have the password for that root user (because you created it via AWS Organizations), you will need to do a reset password on it.
Ideally you would not use IAM Users for humans, and instead use SSO to manage access, but it doesn't sound like you're using it currently and setting it up is beyond a StackOverflow post. AWS has a service for SSO, and you can get started with it relatively easily if you're inclined.
Upvotes: 4
Related Questions
- How to create an IAM user with full access except for admin
- Create team/group with access to own resources only
- AWS IAM Access for Developers (Sandbox)
- Create an IAM user to give access to perform certain tasks in AWS EC2
- Can we create one IAM User that has access to create other IAM users in AWS
- Can a IAM user create another "sub" IAM user himself?
- create a read-only IAM user in AWS
- How to manage multiple IAM users on a single EC2 instance?
- iam user per application
- AWS IAM user role or policy self contained