Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Create an administrator-like profile/role outside the management account

0

I have multiple accounts in Organizations and wanted a way to manage them securely. I want to create a user or give my user permission as if they were an administrator (in this multiple accounts), so I don't have to use the management account. What's the best way to do this?

I saw that I can use permission boundaries, but I didn't find examples of how it would be applied to an administrator-like user or how I can write a policy and permission boundaries in this case for an administrator. Besides that, would any other action be recommended? Any blockage on the management account? Thanks!

Themen
Sicherheit, Identität & KonformitätManagement & Unternehmensführung
Tags
AWS IAM IdentitätszentrumAWS KontoverwaltungIAM-Richtlinien
Sprache
English
natte
gefragt vor 7 Monaten195 Aufrufe
2 Antworten
1

Hello.

If you are using Organizations, you can use SCP to restrict operations.
You might be able to accomplish what you want using this.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

profile picture
EXPERTE
Riku_Kobayashi
beantwortet vor 7 Monaten
0

You might want to also check out delegated administration. Delegated administration provides a convenient way for assigned users in a registered member account to perform most IAM Identity Center administrative tasks. More here: https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html

profile pictureAWS
mvmandel-aws
beantwortet vor 6 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt