2개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hello.
You must operate with an IAM Identity Center administrative account and assign the necessary permissions.
https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetcustom.html
Alternatively, IAM Identity Center administration can be delegated to a specific member account.
In that case, it will be possible to operate the IAM Identity Center from a delegated member account and assign privileges.
https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetcustom.html
0
Thanks Riku. 1 I can't set policies for SSO users like in IAM anymore, right? 2 May I grant ReadOnly to all SSO users, create IAM role, let SSO user assume role when they need?
답변함 9달 전
It cannot be operated from the IAM screen. Attach IAM policies in the IAM Identity Center permission set.
Do you want to set a set of permissions for a user with a ReadOnly policy? SSO users can be assigned multiple sets of privileges. For example, if an SSO user is assigned the ReadOnly permission set and the PowerUser permission set, the user can switch between the two permission sets when necessary.