AWS re:Post Knowledge Center Feedback Survey

Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.

How do I use IAM Identity Center permission sets?

2 minute read

I want to use AWS IAM Identity Center permission sets to provide users and groups access to an AWS account.

Resolution

To use IAM Identity Center permission sets to grant users and groups access to an account, create a permission set. Then, assign users and groups in the account. Finally, confirm in the user portal that the users and groups have the correct permissions.

Create a ViewOnlyAccess permission set

Open the IAM Identity Center console.
In the navigation pane, under Multi-Account permissions, choose Permission sets.
Choose Create permission set.
On the Select permission set type page, under Permission set type, choose Predefined permission set.
Under Policy for predefined permission set, choose ViewOnlyAccess, and then choose Next.
On the Specify permission set details page, choose Next.
On the Review and create screen, choose Create.
Note: The console displays "The permission set "ViewOnlyAccess" was successfully created."

Assign permission sets to the accounts

Open the IAM Identity Center console.
In the navigation pane, under Multi-account permissions, choose AWS accounts.
On the AWS accounts page, select one or more AWS accounts where you want to assign single sign-on access.
Choose Assign users or groups.
On the Assign users and groups to AWS-account-name, for Selected users and groups, choose the users for the permission set.
Choose Next.
On the Review and submit assignments to AWS-account-name page, for Review and submit, choose Submit.
Note: The console displays "We reprovisioned your AWS account successfully and applied the updated permission set to the account."

Verify that the user has ViewOnlyAccess permissions

Open the IAM Identity Center console.
In the navigation pane, choose Dashboard.
On the Settings page, under Summary, choose AWS access portal URL.
Use your IAM Identity Center user name and password to log in to the access portal.
Choose AWS Account.
Choose the Account dropdown list to view the ViewOnlyAcccess permissions.
For the ViewOnlyAccess permissions, choose Management console.

Topics: Security, Identity, & Compliance
Tags: AWS IAM Identity Center
Language: English

Relevant content

IAM Identity Center: Grant S3 Access to One Group Member Without Assigning Permissions Directly
KARTHIK PT
asked 9 months ago
Can i use identity center user or permission sets as master user in amazon opensearch?
Accepted Answer
Sonic
asked a year ago
No access error during access to Management Console from the Access Portal for an IAM Identity Center's user with AdministratorAccess &/| PowerUserAccess permission sets
rePost-User-1613348
asked a year ago
How to control per user per account permissions with IAM identity center?
rePost-User-7313203
asked 3 years ago
API for creating permission sets in Identity store
anu
asked a year ago
How can I resolve the IAM Identity Center error message "This permission set is currently provisioned in ## AWS accounts"?
AWS OFFICIALUpdated 5 months ago
How do I reduce a policy size within an IAM Identity Center permission set?
AWS OFFICIALUpdated 3 days ago
How does IAM Identity Center affect my IAM identities or federation configuration?
AWS OFFICIALUpdated 5 months ago
How do I resolve a 402 status error in IAM Identity Center?
AWS OFFICIALUpdated 2 years ago
Support Automation Workflow (SAW) Runbook: Contain a compromised Identity and Access Management (IAM) User/Role
EXPERT
Maya Karalic
published a year ago