2 Respostas
- Mais recentes
- Mais votos
- Mais comentários
0
Hello.
You must operate with an IAM Identity Center administrative account and assign the necessary permissions.
https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetcustom.html
Alternatively, IAM Identity Center administration can be delegated to a specific member account.
In that case, it will be possible to operate the IAM Identity Center from a delegated member account and assign privileges.
https://docs.aws.amazon.com/singlesignon/latest/userguide/permissionsetcustom.html
0
Thanks Riku. 1 I can't set policies for SSO users like in IAM anymore, right? 2 May I grant ReadOnly to all SSO users, create IAM role, let SSO user assume role when they need?
respondido há 9 meses
Conteúdo relevante
- AWS OFICIALAtualizada há 3 anos
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 2 anos
It cannot be operated from the IAM screen. Attach IAM policies in the IAM Identity Center permission set.
Do you want to set a set of permissions for a user with a ReadOnly policy? SSO users can be assigned multiple sets of privileges. For example, if an SSO user is assigned the ReadOnly permission set and the PowerUser permission set, the user can switch between the two permission sets when necessary.