Is there a way to limit the management of users in Identity Center group to another Identity Center Group?

We have a multi-organization setup. I created Group A and Group B. Group B has permissions to perform some actions in accounts. We would like only users in Group A to be able to add or remove users from Group B. Is there a way to achieve this?

주제

보안, 신원 및 규정 준수

태그

AWS 자격 증명 및 액세스 관리 AWS IAM 자격 증명 센터

언어

English

ana

질문됨 6달 전139회 조회

2개 답변

최신
최다 투표
가장 많은 댓글

이 답변이 도움이 되었나요?커뮤니티가 여러분의 지식을 활용할 수 있도록 정답을 찬성하세요.

This approach is not suitable for default identity store directory or, in other words, when your identity store default one from AWS.

Maksym

답변함 9일 전

-1

Create an iam policy and attach to group A.

The policy should control the action CreateGroupMembership limited to the resources

Group (B)
User (*)
Identity Store (X)

All these resources need defining to allow group A to add any user to group B in identity site x.

https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentitystore.html

전문가

Gary Mclean

답변함 6달 전

Is there a way to limit the management of users in Identity Center group to another Identity Center Group?

관련 콘텐츠