How to control per user per account permissions with IAM identity center?

0

I am struggling with IAM Identity Center. I want to make sure user Y can only assume the power user role when accessing account Z. It is not clear to me how I can achieve that when all permission sets are assigned at an account level and not at a user level.

I have the following permission sets assigned to an account. The console says that I can assign permissions to a group. But when I start assigning permission sets, they are assigned to ACCOUNTS only. So there is no way to say user X can only be PowerUser but not Administrator when accessing the account Y.

Here is the Stack Overflow question (that doesn't have an answer): https://stackoverflow.com/questions/74417061/how-to-manage-user-roles-with-aws-iam-identity-center

1 answer
0

Hi, you should understand the two core components of the AWS IAM Identity Center service.

Core Components

Permission Set

A permission set is a template you create and maintain that defines a collection of one or more IAM policies. Permission sets simplify the assignment of AWS account access for users and groups in your organization. You can think of a permission set as a reusable role with the proper permissions, which can be used in several AWS accounts in the same AWS Organization.

Account Assignment

An account assignment is the task of assigning a permission set for a specific AWS account to multiple users or groups.

Answer

You can create an account assignment for the PowerUser permission set of the AWS account to user X.

References

Expert
Answered a year ago
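The answer above boils down to one point: an account assignment is the triple (principal, permission set, AWS account), and a principal can be a single user rather than a group. The following is an added example, not code from the original post or from AWS: it models a small set of assignments and group memberships (all constructed, with placeholder account IDs and names), resolves the effective permission sets a user gets in a given account, and provides an audit helper for "who can assume AdministratorAccess in this account". The `assignment_request` function only builds the keyword arguments in the shape of boto3's `sso-admin` `CreateAccountAssignment` call; it does not call AWS, and the ARNs it uses are placeholders (real calls need the Identity Store user or group ID and the permission set ARN, not names).

```python
"""Model of IAM Identity Center account assignments (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Assignment:
    """One account assignment: who gets which permission set in which account."""
    principal_type: str   # "USER" or "GROUP", the same values the sso-admin API uses
    principal_id: str     # constructed name; the real API takes an Identity Store ID
    permission_set: str   # constructed name; the real API takes a permission set ARN
    account_id: str       # placeholder 12-digit account ID


# Constructed directory: group name -> member user names
GROUPS: Dict[str, Set[str]] = {
    "admins": {"alice"},
    "developers": {"alice", "bob"},
}

# Constructed assignments. Note that bob gets PowerUserAccess only in one
# account, via a USER-level assignment, and never AdministratorAccess.
ASSIGNMENTS: List[Assignment] = [
    Assignment("GROUP", "admins", "AdministratorAccess", "111111111111"),
    Assignment("GROUP", "admins", "AdministratorAccess", "222222222222"),
    Assignment("GROUP", "developers", "ViewOnlyAccess", "111111111111"),
    Assignment("USER", "bob", "PowerUserAccess", "222222222222"),
]


def groups_of(user: str) -> Set[str]:
    """Return the names of all groups the user belongs to."""
    return {name for name, members in GROUPS.items() if user in members}


def effective_permission_sets(user: str, account_id: str,
                              assignments: List[Assignment] = ASSIGNMENTS) -> Set[str]:
    """Permission sets the user can choose when signing in to the account.

    This is the union of direct USER assignments and assignments to any
    GROUP the user is a member of, restricted to the given account.
    """
    user_groups = groups_of(user)
    result: Set[str] = set()
    for a in assignments:
        if a.account_id != account_id:
            continue
        if a.principal_type == "USER" and a.principal_id == user:
            result.add(a.permission_set)
        elif a.principal_type == "GROUP" and a.principal_id in user_groups:
            result.add(a.permission_set)
    return result


def who_can_use(permission_set: str, account_id: str,
                assignments: List[Assignment] = ASSIGNMENTS) -> Set[str]:
    """Audit helper: every user able to assume the permission set in the account."""
    users: Set[str] = set()
    for a in assignments:
        if a.account_id != account_id or a.permission_set != permission_set:
            continue
        if a.principal_type == "USER":
            users.add(a.principal_id)
        else:
            users |= GROUPS.get(a.principal_id, set())
    return users


def assignment_request(assignment: Assignment, instance_arn: str) -> dict:
    """Keyword arguments shaped like boto3 sso-admin create_account_assignment().

    Not executed here. The permission set ARN below is a placeholder; in a
    real deployment it comes from list_permission_sets / describe_permission_set,
    and PrincipalId is the Identity Store ID of the user or group.
    """
    return {
        "InstanceArn": instance_arn,
        "TargetId": assignment.account_id,
        "TargetType": "AWS_ACCOUNT",
        "PermissionSetArn": f"arn:aws:sso:::permissionSet/PLACEHOLDER/{assignment.permission_set}",
        "PrincipalType": assignment.principal_type,
        "PrincipalId": assignment.principal_id,
    }


if __name__ == "__main__":
    for user in ("alice", "bob"):
        for account in ("111111111111", "222222222222"):
            print(user, account, sorted(effective_permission_sets(user, account)))
    print("AdministratorAccess in 222222222222:", who_can_use("AdministratorAccess", "222222222222"))
    print(assignment_request(ASSIGNMENTS[3], "arn:aws:sso:::instance/PLACEHOLDER"))
```

The point the model makes concrete: assigning `PowerUserAccess` to user bob in account 222222222222 gives bob exactly that permission set there and nothing elsewhere, while alice inherits `AdministratorAccess` in both accounts through the `admins` group. The `who_can_use` check is the one to run periodically (against `list_account_assignments` output in practice) to confirm no unintended user or group has been granted an administrative permission set in a sensitive account.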
