Reputation: 1143
I can't understand the logic behind AWS IAM Identity Center. I am trying to move from IAM to IAM Identity Center to federate access to multiple accounts. "Standard" IAM allows defining permissions on a per-user level; I can't figure out how to do it in IAM Identity Center.
With Identity Center, I assign permission sets to accounts and then assign users/groups to accounts as well...
How can I define which permission sets each user has if permission sets are assigned on the account level, not the user level?
The console says that I can assign permissions to a group.
But when I start assigning permission sets, they are assigned to ACCOUNTS only. So there is no way to say user X can only be PowerUser but not Administrator when accessing account Y.
Upvotes: 1
Views: 2140
Reputation: 31
IAM Identity Center -> AWS Accounts -> Select your account -> Assigned users and groups -> Select your Group name -> Change permission sets button.
Upvotes: 1
Reputation: 1143
Despite the wording, when assigning policies and groups, AWS seems to do exactly what is expected – sets access per group and account.
It can be verified on the account page.
My issue was that I separately added a user to all accounts outside of any groups, so changes to group access were not reflected on a user level. :(
Upvotes: 0
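The second answer describes the model that tripped up the asker: an Identity Center assignment is a (account, principal, permission set) triple, and a user's effective access in an account is the union of assignments to the user directly and to every group the user belongs to, so changing a group's permission sets never touches a direct user assignment. The following is an added example, not code from this thread or from AWS; it models that resolution in plain Python over constructed sample data (invented account IDs, group IDs and users) of the shape that `aws sso-admin list-account-assignments` returns, and adds the audit the asker needed: which permission sets a user holds that come from no group.

```python
"""Model of how IAM Identity Center resolves a user's permission sets in one
account. Constructed example, not AWS code: the assignment tuples below are
invented and stand in for the output of `aws sso-admin list-account-assignments`."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Assignment:
    account_id: str
    principal_type: str   # "USER" or "GROUP", as in the sso-admin API
    principal_id: str     # user or group identifier
    permission_set: str   # permission set name (the real API returns an ARN)


# Constructed sample data: two groups, three users.
GROUPS = {
    "g-devs": {"alice", "bob"},
    "g-admins": {"carol"},
}

# Constructed sample assignments across two accounts.
ASSIGNMENTS = [
    Assignment("111111111111", "GROUP", "g-devs", "PowerUserAccess"),
    Assignment("111111111111", "GROUP", "g-admins", "AdministratorAccess"),
    # Direct user assignment outside any group: the situation in the second answer.
    Assignment("111111111111", "USER", "alice", "AdministratorAccess"),
    Assignment("222222222222", "GROUP", "g-devs", "ReadOnlyAccess"),
]


def effective_permission_sets(user, account_id, assignments, groups):
    """Union of the user's direct assignments and the assignments of every
    group the user belongs to, restricted to one account."""
    user_groups = {g for g, members in groups.items() if user in members}
    result = set()
    for a in assignments:
        if a.account_id != account_id:
            continue
        if a.principal_type == "USER" and a.principal_id == user:
            result.add(a.permission_set)
        elif a.principal_type == "GROUP" and a.principal_id in user_groups:
            result.add(a.permission_set)
    return result


def direct_user_assignments(assignments):
    """Assignments made to individual users rather than groups: the ones a
    group-level change in the console will not touch."""
    return [a for a in assignments if a.principal_type == "USER"]


def unexplained_access(user, account_id, assignments, groups):
    """Permission sets the user holds in the account that no group grants,
    i.e. access that can only be coming from a direct user assignment."""
    group_only = [a for a in assignments if a.principal_type == "GROUP"]
    via_groups = effective_permission_sets(user, account_id, group_only, groups)
    return effective_permission_sets(user, account_id, assignments, groups) - via_groups


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        sets = sorted(effective_permission_sets(user, "111111111111", ASSIGNMENTS, GROUPS))
        print(f"{user}: {sets}")
    for a in direct_user_assignments(ASSIGNMENTS):
        print(f"direct assignment: {a.principal_id} -> {a.permission_set} in {a.account_id}")
```

Run against real data, the `direct_user_assignments` list is the first thing to check when a group change seems to have no effect: in the sample, removing the `g-devs` assignment drops bob to nothing in account 111111111111 but leaves alice with AdministratorAccess, exactly the behaviour the second answer reports.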