Reputation: 29
I want to create a user to access the AWS console. In the past, I would have just created an IAM user, but AWS now recommends creating an "IAM Identity".
Following AWS's recommendations I created an IAM Identity. Since there is nowhere on the IAM Identity page to give console access to the user, I went back to the IAM page where the only option was to create a new user.
When I click the radio button that gives the user console access, it gives me the option to "Specify a user in Identity Center".
When I click "Next" I get this popup and I click "Manage in Identity Center".
This just takes me to the Identity Center and the workflow ends. I can click on users and select the user but there is no way to continue the process of giving them console access.
Basically AWS is just sending me around in circles. What am I missing?
Upvotes: 3
Views: 2193
Reputation: 21
The official documentation is rough here. Hopefully this helps others.
This is pretty straightforward. You will need to be in the AWS Identity Center. The checkbox from AWS IAM will redirect you here.
For this you will want to create a group (e.g. Admins) and a permission set (e.g. AdminPolicy). Then on the Account listing hierarchy you can assign the Group and Permission Set to the Account. This gives access to these groups and permission sets to that account. Note here we mean 'AWS Account', not the user you just created.
Once that's done, you can assign the Identity Center user you are trying to give console access to to that group, and they should have access to that account with the permission level provided by the group's permission set... still with me?
Once the user has been invited in the previous step they will receive a welcome email to set up their password and access their AWS Access Portal. This will show the accounts they have access to. Clicking on the account will... TADA, take you into the AWS Management Console, where they will only have the ability to access resources according to their permission level.
Upvotes: 2
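The same workflow the answer above walks through in the console (permission set, group, assignment of the group plus permission set to an AWS account, then adding the user to the group), written out as Terraform. This is an added example, not code from the answer or from AWS; it assumes a Terraform AWS provider already authenticated into the management (or delegated administrator) account, a placeholder target account ID `123456789012`, and a hypothetical user `alice`. The group and permission-set names follow the answer's "Admins" / "AdminPolicy".

```hcl
# Look up the Identity Center instance in this organization.
# Assumption: exactly one instance exists, so we take index 0.
data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
  target_account_id = "123456789012" # placeholder: the AWS account to grant access to
}

# Step 1: the permission set ("AdminPolicy" in the answer).
# A permission set is an IAM role template; it grants nothing until it is
# assigned to an account together with a principal.
resource "aws_ssoadmin_permission_set" "admin" {
  name             = "AdminPolicy"
  description      = "Full administrative access; scope this down for non-admin groups"
  instance_arn     = local.instance_arn
  session_duration = "PT4H" # ISO 8601; shorter sessions limit the blast radius of a stolen token
}

# Attach an AWS managed policy to the permission set. For least privilege,
# swap in a narrower managed policy or an inline_policy on the permission set.
resource "aws_ssoadmin_managed_policy_attachment" "admin" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.admin.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

# Step 2: the group ("Admins" in the answer), stored in the identity store.
resource "aws_identitystore_group" "admins" {
  identity_store_id = local.identity_store_id
  display_name      = "Admins"
  description       = "Users who receive AdminPolicy in the target account"
}

# Step 3: assign the group + permission set to the AWS account.
# Note target_type is the AWS account, not the user, exactly as the answer stresses.
resource "aws_ssoadmin_account_assignment" "admins" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.admin.arn

  principal_id   = aws_identitystore_group.admins.group_id
  principal_type = "GROUP"

  target_id   = local.target_account_id
  target_type = "AWS_ACCOUNT"
}

# Step 4: the Identity Center user (hypothetical "alice") and her group membership.
# Membership in the group is what actually gives her console access to the account.
resource "aws_identitystore_user" "alice" {
  identity_store_id = local.identity_store_id
  user_name         = "alice"
  display_name      = "Alice Example"

  name {
    given_name  = "Alice"
    family_name = "Example"
  }

  emails {
    value   = "alice@example.com"
    primary = true
  }
}

resource "aws_identitystore_group_membership" "alice_admin" {
  identity_store_id = local.identity_store_id
  group_id          = aws_identitystore_group.admins.group_id
  member_id         = aws_identitystore_user.alice.user_id
}
```

Two practical caveats. First, a user created through the API or Terraform rather than the console does not automatically get the welcome email the answer describes; an administrator triggers the password-setup email from the user's page in the Identity Center console (or the user uses the access portal's password reset). Second, `AdministratorAccess` matches the answer's "Admins" example but is rarely what a day-to-day user needs: create one permission set per job function with a scoped policy, and assign groups rather than individual users so access reviews stay tractable.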