HTTP 403 error when trying to access Management Console with Identity Center user


Hi all, I have been getting the following error when trying to access the AWS Management Console with IAM Identity Center users. These users have been granted the AdministratorAccess permission policies, and have been able to access the Management Console previously. Not sure what broke recently, but we are not able to access it the same way. We are able to log in, but when we click on Management Console, this error pops up instead.
"No access Request ID: 886f725f-8cbc-43e9-aa2b-8a6895a6f1a2 HTTP status: 403"

Look forward to any kind advice. Thank you!

wkquek
asked 10 months ago
531 views
2 Answers
Accepted Answer

When you use permission sets, under the hood it creates roles in the accounts with a unique ID, along with IdPs, when you enable SSO.

  • Have any of these roles been manually removed from the target accounts?
  • Has the IdP in the target accounts, which is used by Identity Center, been removed?
answered 10 months ago
  • Thanks Gary. This helped to solve my problem. I think I removed the role while doing spring-cleaning of my AWS Policies and Roles.

  • Thanks for the feedback. Glad to have helped.
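The two checks from the accepted answer can be run against the target account's IAM listing. The following is an added example, not code from the posts above: it assumes the role naming (`AWSReservedSSO_<permission set>_<suffix>`) and role path (`/aws-reserved/sso.amazonaws.com/`) that Identity Center normally provisions, and it takes the parsed JSON output of `aws iam list-roles` and `aws iam list-saml-providers` as input. The function names and sample data are constructed.

```python
import re

# Role path and name prefix that IAM Identity Center uses in member accounts.
SSO_PATH = "/aws-reserved/sso.amazonaws.com/"
ROLE_RE = re.compile(r"^AWSReservedSSO_(?P<pset>.+)_[0-9a-f]+$")

def federated_principals(trust_policy):
    """Return every Principal.Federated ARN in a role trust policy."""
    statements = trust_policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    arns = []
    for stmt in statements:
        principal = stmt.get("Principal", {})
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        arns.extend([fed] if isinstance(fed, str) else fed)
    return arns

def check_sso_provisioning(list_roles, list_saml_providers, permission_set):
    """Report what is missing for one permission set in one account.

    list_roles:          parsed JSON of `aws iam list-roles --path-prefix <SSO_PATH>`
    list_saml_providers: parsed JSON of `aws iam list-saml-providers`
    """
    providers = {p["Arn"] for p in list_saml_providers.get("SAMLProviderList", [])}
    findings, matched = [], False
    for role in list_roles.get("Roles", []):
        m = ROLE_RE.match(role["RoleName"])
        if not m or not role.get("Path", "").startswith(SSO_PATH):
            continue
        if m.group("pset") != permission_set:
            continue
        matched = True
        for arn in federated_principals(role.get("AssumeRolePolicyDocument", {})):
            if arn not in providers:
                findings.append(f"{role['RoleName']}: trusts missing IdP {arn}")
    if not matched:
        findings.append(f"no AWSReservedSSO role for permission set {permission_set}")
    return findings

# Constructed sample data (account ID, role suffix and provider name are made up).
IDP = "arn:aws:iam::111122223333:saml-provider/AWSSSO_0123456789abcdef_DO_NOT_DELETE"
SAMPLE_ROLES = {"Roles": [{
    "RoleName": "AWSReservedSSO_AdministratorAccess_0123456789abcdef",
    "Path": SSO_PATH + "eu-west-1/",
    "AssumeRolePolicyDocument": {"Statement": [{
        "Effect": "Allow", "Principal": {"Federated": IDP},
        "Action": ["sts:AssumeRoleWithSAML", "sts:TagSession"]}]}}]}
SAMPLE_PROVIDERS = {"SAMLProviderList": [{"Arn": IDP}]}
```

An empty result means both the role and the IdP it trusts are present in the account; a non-empty result names which of the two is gone.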


Hi, this previous similar re:Post question had the same problem: https://repost.aws/questions/QU2cQ7kmJlRHae_TWzq5KzOg/giving-user-access-to-aws-console-via-identity-center

For them, the solution was:

"After filling in the email address attribute for my AD User and allowing Identity Center to sync, my user and test account were able to login successfully."

So is the email address attribute already entered in your case?

answered 10 months ago
  • Hi Didier, thanks for your kind reply. I looked at the previous ticket, but I am not using SSO. I am using users created in AWS IAM Identity Center only. Should this be a different issue from the ticket you mentioned? Thanks again for your kind help.
