How to give Application access to IAM Identity Center users

0

I want to give access to CodeCommit. I have created a user and group within IAM Identity Center users. There is no place to give access to this user. Please suggest!

2 Answers
1

CodeCommit access is managed through IAM policies, more specifically so-called identity-based policies (see IAM policy overview). These policies allow a user to call the CodeCommit APIs.

In the context of the Identity Center, these policies exist in so-called Permission Sets, which can have inline policies, customer managed policies and AWS managed policies attached to them.

When granting permission to a user or group, you assign them to an AWS account and select a permission set that has the required policy documents, which in your case for example allows them to call the CodeCommit APIs in the specified AWS account. See the Assign user access section in our docs.

This in turn creates a corresponding IAM role in the target account with the policy documents. Your user can then assume this role through the Identity Center login portal (you can find the link for that in the Identity Center settings -> Identity source tab -> "AWS access portal URL") or the AWS CLI.

Once the user has assumed the role through the Identity Center, they can interact with CodeCommit by navigating to it in the AWS console or call the APIs directly by using the CLI.

AWS
Martin
answered 4 months ago
Expert
reviewed 1 month ago
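
The flow described in the answer above (permission set, policy, account assignment), as an added AWS CLI example that is not part of the original answer. The instance ARN, account ID, group ID, region, repository name and permission set name are placeholders, and the example uses an inline policy scoped to a single repository instead of an AWS managed policy.

```shell
#!/bin/sh
# Added example. Every ARN/ID below is a placeholder, not a value from the page.
INSTANCE_ARN="arn:aws:sso:::instance/ssoins-EXAMPLE"   # Identity Center instance
ACCOUNT_ID="111122223333"                               # target AWS account
GROUP_ID="EXAMPLE-GROUP-ID"                             # Identity Center group ID
REGION="us-east-1"
REPO="example-repo"

# Inline policy for the permission set: Git and read access to one repository,
# rather than codecommit:* on every repository in the account.
codecommit_inline_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "codecommit:GitPull",
      "codecommit:GitPush",
      "codecommit:GetRepository",
      "codecommit:GetBranch",
      "codecommit:ListBranches"
    ],
    "Resource": "arn:aws:codecommit:${REGION}:${ACCOUNT_ID}:${REPO}"
  }]
}
EOF
}

grant_codecommit_access() {
  # 1. Create the permission set and capture its ARN.
  ps_arn=$(aws sso-admin create-permission-set \
    --instance-arn "$INSTANCE_ARN" --name CodeCommitRepoAccess \
    --session-duration PT4H \
    --query 'PermissionSet.PermissionSetArn' --output text) || return 1
  # 2. Attach the scoped policy to the permission set.
  aws sso-admin put-inline-policy-to-permission-set \
    --instance-arn "$INSTANCE_ARN" --permission-set-arn "$ps_arn" \
    --inline-policy "$(codecommit_inline_policy)" || return 1
  # 3. Assign the group to the account with that permission set; Identity
  #    Center then provisions the matching IAM role in the target account.
  aws sso-admin create-account-assignment \
    --instance-arn "$INSTANCE_ARN" --permission-set-arn "$ps_arn" \
    --target-type AWS_ACCOUNT --target-id "$ACCOUNT_ID" \
    --principal-type GROUP --principal-id "$GROUP_ID"
}

# Run with "apply" using Identity Center administrator credentials.
if [ "${1:-}" = "apply" ]; then grant_codecommit_access; fi
```

Assigning the group rather than individual users keeps access reviewable in one place. Members then reach the role through the AWS access portal or an `aws configure sso` profile.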
0
Expert
answered 4 months ago
