How do I create a user group with pre-defined permissions that allows developers the right access to upload their code and manage and interact with the essential parts of software being developed?

0

I am a non-technical person, just trying to get some software built to make my business ops easier.

It is incredibly confusing to understand how to add permissions consistently, especially with two IAM areas, when I need to add people from time to time.

I have struggled for months to add people and make sure they have the right access and I still cannot understand the structure of administering this. Any help would be appreciated.

Barn
asked 9 days ago44 views
3 Answers
1

Hello.

AWS's managed IAM policy provides job-specific IAM policies.
While using these IAM policies, you may also create custom policies to further narrow down the policies.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html

I think it is useful to use IAM policy simulator etc. to examine the policies required for custom policies.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html

In addition, by using IAM Access Analyzer, it is also possible to generate IAM policies from the operation history of IAM users.
https://aws.amazon.com/jp/blogs/security/iam-access-analyzer-makes-it-easier-to-implement-least-privilege-permissions-by-generating-iam-policies-based-on-access-activity/

profile picture
EXPERT
answered 9 days ago
profile picture
EXPERT
reviewed 7 days ago
profile pictureAWS
EXPERT
reviewed 9 days ago
0

Hello.

AWS IAM resource provides you with the opportunity to create groups. You find this by visiting IAM > Access management > User groups. Click on User groups and then Create group. A group is like a container that holds all users with similar permissions or access, just as in your own case. You can create a group with the name Developers for instance. Now you add the permission you want to give to this set of users to the group you've created. These permissions come as policies. Some policies are managed by AWS. You can also create your own policy if you want. In your case, the policy you'll choose depends on what platform on AWS your applications or other services will be running. Is it EC2 instance, ECS, EKS, Lambda, EBS, Amplify e.t.c. There're policies you can use to give permissions to your developers on any of these platforms. E.g if EC2 instance, there's an AWS defined policy named AmazonEC2FullAccess or AmazonEC2ReadOnlyAccess e.t.c. You just explore the policy section of IAM to find the one that gives the developers the access they require, then attach this policy to the group you created. Then create the users and add them to that group. Note that you can add as many policies/ permissions as you need to a group.

answered 8 days ago
0

Thank you all for your replies. I will do what I can to improve how this works on my end. If any of you have the ear of the AWS UX/UI team, please let them know that this strikes me as convoluted and overly complex. One user management tool, hierarchical and clear relationships/features would really improve this and remove barriers for small business and novice users.

Cheers!

-Barn.

Barn
answered 8 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions