Create an administrator-like profile/role outside the management account

I have multiple accounts in Organizations and wanted a way to manage them securely. I want to create a user or give my user permission as if they were an administrator (in this multiple accounts), so I don't have to use the management account. What's the best way to do this?

I saw that I can use permission boundaries, but I didn't find examples of how it would be applied to an administrator-like user or how I can write a policy and permission boundaries in this case for an administrator. Besides that, would any other action be recommended? Any blockage on the management account? Thanks!

トピック

セキュリティ、アイデンティティ、コンプライアンス管理とガバナンス

タグ

AWS IAM アイデンティティセンター AWS アカウントマネジメント IAM ポリシー

言語

English

natte

質問済み 7ヶ月前195ビュー

2回答

新しい順
投票が多い順
コメントが多い順

Hello.

If you are using Organizations, you can use SCP to restrict operations.
You might be able to accomplish what you want using this.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

エキスパート

Riku_Kobayashi

回答済み 7ヶ月前

You might want to also check out delegated administration. Delegated administration provides a convenient way for assigned users in a registered member account to perform most IAM Identity Center administrative tasks. More here: https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html

mvmandel-aws

回答済み 6ヶ月前

Create an administrator-like profile/role outside the management account

関連するコンテンツ