IAM Identity Center created user: "You have no applications"

Hello,

I have started configuring users via AWS Identity Center and I have created an Identity Center group with restricted permissions where I have only attached the AWS managed "CloudWatchLogsReadOnlyAccess" policy. When I try to log into the console I get "you have no applications". Below it seems like the permission set is "Not provisioned". What crucial step have I overlooked, and what's the right process for creating groups and permission sets for Identity Center for console users? I have followed https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html

Thanks in advance,

IAM Identity Center Permission sets: cloudwatch-readonly-sso-test

Permission set name: cloudwatch-readonly-sso-test

Created date: February 02, 2024, 16:32 (UTC)

Provisioned status: Not provisioned

Policy name: CloudWatchLogsReadOnlyAccess
Type: AWS managed
Description: Provides read only access to CloudWatch Logs

Asked 10 months ago, 641 views

1 answer

Hi Ohuk2, a permission set that is not provisioned is one that has been created in AWS Identity Center, but not yet associated with or applied to any target (such as an AWS account, OU, or user). After you have created a Permission Set and attached some permissions to it, you need to define which IAM Identity Center Users or Groups can access which Accounts within your Organization with those permissions.

To do so, you should start from "AWS Accounts" under "Multi-account permissions" of the IAM Identity Center menu. Here you have to select the Account(s) to which you want to grant the permissions, then the User(s) or Group(s) you want to give those permissions to, and finally the permission set(s) you want to use to assign the intended rights.

Last, but not least: the user and group assignment process might take a few minutes to complete; you have to leave the page open until the process successfully completes.

This creates a relationship between Account-User/Group-Permission Set.

After this is done, the User should be able to log in to the AWS access portal URL and, once authenticated, see the accounts where he/she can actually work, with the Permission Set(s) you specified.

Did you follow these steps and is the Permission Set still shown as Not Provisioned?

What Identity Source are you using? The IAM Identity Center Directory or an External federated IDP?

AWS
Answered 10 months ago
Expert
Reviewed 8 months ago
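
The assignment step described in the answer above, done through the AWS SDK for Python (boto3) instead of the console, including the wait for the assignment to finish. This is an added example, not part of the original thread; the ARNs, account ID and group ID are placeholders, and `sso_admin` is assumed to be a boto3 `sso-admin` client.

```python
import time

def provisioned_accounts(sso_admin, instance_arn, permission_set_arn):
    """Account IDs the permission set is provisioned in; empty means none yet."""
    kwargs = {"InstanceArn": instance_arn, "PermissionSetArn": permission_set_arn}
    accounts = []
    while True:
        page = sso_admin.list_accounts_for_provisioned_permission_set(**kwargs)
        accounts += page.get("AccountIds", [])
        if not page.get("NextToken"):
            return accounts
        kwargs["NextToken"] = page["NextToken"]

def assign_group(sso_admin, instance_arn, account_id, group_id, permission_set_arn,
                 poll_seconds=2, max_polls=60):
    """Create the Account / Group / Permission Set assignment and wait for it."""
    status = sso_admin.create_account_assignment(
        InstanceArn=instance_arn,
        TargetId=account_id, TargetType="AWS_ACCOUNT",
        PrincipalId=group_id, PrincipalType="GROUP",
        PermissionSetArn=permission_set_arn,
    )["AccountAssignmentCreationStatus"]
    for _ in range(max_polls):
        if status["Status"] != "IN_PROGRESS":
            break
        time.sleep(poll_seconds)  # the assignment is asynchronous
        status = sso_admin.describe_account_assignment_creation_status(
            InstanceArn=instance_arn,
            AccountAssignmentCreationRequestId=status["RequestId"],
        )["AccountAssignmentCreationStatus"]
    if status["Status"] != "SUCCEEDED":
        reason = status.get("FailureReason", "timed out while still in progress")
        raise RuntimeError(f"assignment {status['Status']}: {reason}")
    return provisioned_accounts(sso_admin, instance_arn, permission_set_arn)

if __name__ == "__main__":
    import boto3  # needs AWS credentials that are allowed to call sso-admin
    client = boto3.client("sso-admin")
    # Placeholders: substitute your own instance ARN, permission set ARN, IDs.
    INSTANCE = "arn:aws:sso:::instance/ssoins-EXAMPLE"
    PSET = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-EXAMPLE"
    if not provisioned_accounts(client, INSTANCE, PSET):
        print(assign_group(client, INSTANCE, "111122223333", "GROUP-ID-EXAMPLE", PSET))
```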
