
aws iam identity center user add account role


In my ORG, I have a user added via Identity Center. That user only has "user" type perms as described by the groups in Identity Center. However, this user needs to have a specific role added to him for an account in the ORG.

How do I go about adding the role for that one user? Or do I need to add a new group in identity center with that role and assign it to that user?

2 answers

You would create a Permission Set and assign the permission set to that user.

AWS
EXPERT
answered 10 months ago
EXPERT
reviewed 10 months ago

Hi,

You can manage your users individually or with groups.

For scalability, the recommendation is to use groups. Groups are useful when assigning access to AWS accounts and applications. Rather than assign each user individually, you give permissions to a group. Later, as you add or remove users from a group, the user dynamically gets or loses access to accounts and applications that you assigned to the group.

However, you can assign permissions directly to users using permission sets. A permission set is a template that you create and maintain that defines a collection of one or more IAM policies. Permission sets simplify the assignment of AWS account access for users and groups in your organization. For example, you can create a Database Admin permission set that includes policies for administering AWS RDS, DynamoDB, and Aurora services, and use that single permission set to grant access to a list of target AWS accounts within your AWS Organization for your database administrators.

IAM Identity Center assigns access to a user or group in one or more AWS accounts with permission sets. When you assign a permission set, IAM Identity Center creates corresponding IAM Identity Center-controlled IAM roles in each account, and attaches the policies specified in the permission set to those roles. IAM Identity Center manages the role, and allows the authorized users you’ve defined to assume the role, by using the IAM Identity Center User Portal or AWS CLI. As you modify the permission set, IAM Identity Center ensures that the corresponding IAM policies and roles are updated accordingly.

References:

I hope this helps.

AWS
answered 10 months ago
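The procedure both answers describe (create a permission set, then assign it to a single user in a single account), as an added shell example that is not from the answers above. It assumes AWS CLI v2 run under an Identity Center administrator profile; the user name jdoe, the account id 111122223333, and the AmazonRDSFullAccess managed policy are placeholders to replace.

```shell
#!/bin/sh
# Added example (not from the re:Post answers): give ONE Identity Center user a
# permission set in ONE member account via the sso-admin / identitystore CLIs.
# Placeholders: user "jdoe", account 111122223333, the managed policy ARN.
set -eu
AWS_CMD=${AWS_CMD:-aws}   # overridable so the calls can be stubbed offline

# Identity Center instance ARN and identity store id (first instance).
instance_ids() {
  "$AWS_CMD" sso-admin list-instances \
    --query 'Instances[0].[InstanceArn,IdentityStoreId]' --output text
}

# Assignments take a principal id, not a user name: resolve it first.
user_id_for() {  # $1=identity store id  $2=user name
  "$AWS_CMD" identitystore list-users --identity-store-id "$1" \
    --filters "AttributePath=UserName,AttributeValue=$2" \
    --query 'Users[0].UserId' --output text
}

# Create a permission set (1h sessions) and attach one managed policy to it.
create_permission_set() {  # $1=instance ARN  $2=name  $3=managed policy ARN
  ps_arn=$("$AWS_CMD" sso-admin create-permission-set --instance-arn "$1" \
    --name "$2" --session-duration PT1H \
    --query 'PermissionSet.PermissionSetArn' --output text)
  "$AWS_CMD" sso-admin attach-managed-policy-to-permission-set \
    --instance-arn "$1" --permission-set-arn "$ps_arn" \
    --managed-policy-arn "$3" >/dev/null
  printf '%s\n' "$ps_arn"
}

# Assign the permission set to a single user in a single account; Identity
# Center then creates the matching IAM role in that account. The call is
# asynchronous, so the returned status is normally IN_PROGRESS at first.
assign_user_to_account() {  # $1=instance ARN $2=permission set ARN $3=account id $4=user id
  "$AWS_CMD" sso-admin create-account-assignment --instance-arn "$1" \
    --target-id "$3" --target-type AWS_ACCOUNT \
    --permission-set-arn "$2" --principal-type USER --principal-id "$4" \
    --query 'AccountAssignmentCreationStatus.Status' --output text
}

main() {
  set -- $(instance_ids)                 # $1=instance ARN, $2=identity store id
  user_id=$(user_id_for "$2" "jdoe")
  ps_arn=$(create_permission_set "$1" "DatabaseAdmin-OneAccount" \
    "arn:aws:iam::aws:policy/AmazonRDSFullAccess")
  assign_user_to_account "$1" "$ps_arn" "111122223333" "$user_id"
}
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `sh assign-user.sh --run`; to wait for the role to exist, poll `aws sso-admin describe-account-assignment-creation-status` with the request id from the create call.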
