Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Why can't I see the permissions attached to a user in IAM?

0

When I set up the users on my account I used this link https://awspolicygen.s3.amazonaws.com/policygen.html to generate the json giving them the specific access rights to the specific services and resources I wanted, and I copied and pasted that into something in the set up.

I know that after that initial set up, I then went back to users in IAM and was able to alter the json to further expand or limit their permissions.

The problem is now I can't find my way back to that. When I look at my users in IAM, under 'Permissions' they have in the 'Permissions Policies' section it says "No resources to display". The users also do not belong to any groups. So my questions are:

  1. Why can't I see the permissions a user has?
  2. Why does it look like my users have 0 permissions?
  3. Where is the json that I initially generated and then later edited to set their permissions?
  • Ben
    10 mesi fa

    I'm an idiot. The permissions were attached to the resources, not the users. But that feels counterintuitive that a user can have permission to access stuff but you can't see what resources a user has access to in IAM.

Argomenti
Sicurezza, identità e conformità
Tag
Gestione identità e accesso AWSPolitiche IAM
Lingua
English
Ben
posta 10 mesi fa346 visualizzazioni
1 Risposta
0

Hi, the policy generator that you used is a helper to create json with proper syntax but it doesn't create them in IAM. You have to do it yourself by copying and pasting the generated policies to the AWS IAM console of your accounts after you chose which users to attribute those policies to.

The documentation on how to change permissions of a given user: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html

Hope it helps

Didier

profile pictureAWS
ESPERTO
Didier_Durand
con risposta 10 mesi fa
profile picture
ESPERTO
JimmyDqv
verificato 10 mesi fa
  • Ben
    10 mesi fa

    I know it doesn't create them, I did the copy and paste and set the users up right. The users have the access I gave them. For example they can put the right kinds of file in the right folders in the right S3 buckets. The problem is that I can't find my way back to see what permissions the user has. When I look at the user in IAM, it looks like they have no permissions. I can't find where the permissions I previously defined for them are.

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente