Managing permissions to IAM roles centrally

0

Do we have any way by which we can assign policies to IAM roles in multiple AWS accounts centrally?

bhawna
asked 8 months ago, 272 views
3 Answers
2

No, there is no mechanism with which you can assign policies to IAM roles in multiple accounts.

The closest thing you can do is described at Using identity-based policies (IAM policies) for AWS Organizations.

Within an account, you can create a customer managed policy and use it in as many roles as you want, but it can't be shared across multiple accounts.

Since your use case is not mentioned here, I could think of role chaining as well, where one role can assume another role, but that would require the trust relationship to be updated for the target account role. Refer to Role chaining at https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining.

Hope this helps.

Comment here if you have additional questions, happy to help.

Abhishek

AWS
EXPERT
answered 8 months ago
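The trust relationship that role chaining requires on the target-account role, shown as an added example that is not part of the original answer and is not AWS-provided code. The account IDs, role names and helper functions are hypothetical; the review function reads only `Allow` statements with an exact `sts:AssumeRole` action and does not evaluate conditions or `Deny` statements.

```python
import json

def as_list(value):
    """IAM accepts a single string or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def build_trust_policy(source_role_arn):
    """Trust policy for the target-account role that names exactly one caller."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": source_role_arn},
            "Action": "sts:AssumeRole",
        }],
    }

def review_trust_policy(policy, source_role_arn):
    """Return (source_allowed, broad_principals) for a role trust policy."""
    source_allowed, broad = False, []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            if arn == source_role_arn:
                source_allowed = True
            elif arn == "*" or arn.isdigit() or arn.endswith(":root"):
                # Wildcard, bare account ID or account root: wider than one role.
                broad.append(arn)
    return source_allowed, broad

# Constructed sample values: the account ID and role name are placeholders.
SOURCE_ROLE = "arn:aws:iam::111122223333:role/CentralAdminRole"
TIGHT = build_trust_policy(SOURCE_ROLE)
LOOSE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ["111122223333", SOURCE_ROLE]},
     "Action": ["sts:AssumeRole"]},
]}

if __name__ == "__main__":
    print(json.dumps(TIGHT, indent=2))
    print("tight:", review_trust_policy(TIGHT, SOURCE_ROLE))
    print("loose:", review_trust_policy(LOOSE, SOURCE_ROLE))
```

The loose policy still lets the source role in, but it also trusts the whole source account, which is the case worth catching when trust relationships are updated across many target accounts.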
0

Yes, AWS IAM Identity Center helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization on AWS for organizations of any size and type.

You can learn more about AWS Identity Center in the AWS documentation. --> https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html

In addition, you can read my blog on Strengthening Security in AWS Control Tower through Centralized IAM Identity Center. --> https://www.awsyarn.com/strengthening-security-in-aws-control-tower-through-centralized-iam-identity-center/

answered 8 months ago
AWS
EXPERT
reviewed 8 months ago
0
AWS
EXPERT
kentrad
answered 8 months ago
