RE:Post via activity center

  1. Can an Identity Center user use their credentials to log in and post on re:Post?

  2. If so, what are the least-privileged IAM policy privileges that must be applied to post?

I am having a hard time finding these questions.

Thanks

Allen S
asked a month ago, 119 views
1 Answer

Hello,

I conducted a test myself. I was able to log in to re:Post using my IAM Identity Center account. Therefore, yes, it is possible to log in and post on re:Post through Identity Center credentials.

To test the least-privileged IAM policy privilege, I assigned an AWS account with a permission set that included the AWS managed policy: AWSDenyAll to my IAM Identity Center account. Despite this, I was still able to use all the features of re:Post. Therefore, there are no special permission requirements for using re:Post.

I hope this information is helpful.

Sean
answered 25 days ago
  • Interesting. Thanks so much for spending the time. That means a lot! I am putting this on hold until I determine whether I need to do this, since my IC user fails validation on repost but works fine on the portal. More ideas below, but no need for you to spend additional brainpower on it at this time :-)

    My issue may be related to the fact my IC user doesn't have an AWS console grant or something. I can log in to my portal but not Repost. Repost asks for a builder id or IAM. My identity center user gets an invalid credentials on repost.

    Thanks again for the time.

  • Thank you for your reply.

    First of all, it may not be possible to log in to the repost service if the IC user is not assigned to an AWS account.

    To assist in resolving the issue, I will explain the testing procedure I carried out:

    1. I created a permission set in the AWS account that denies all permissions.
    2. I assigned the AWS account to a user with the created permission set.
    3. I logged in using the created IC user.
    4. On the login page of the repost service, I selected AWS Management Console.
    5. As a result, I successfully logged in to the re:Post service as an IC, assuming the role of arn:aws:sts:{account}:assumed-role/AWSReservedSSO_{user}.

    And you are correct. re:Post asks for either a Builder ID or IAM, and IAM Identity Center uses IAM roles.

    Under the hood, when the user uses IAM Identity Center to access the AWS Management Console or CLI, the IAM Identity Center sign in session is used to obtain an IAM session, as specified in the corresponding IAM Identity Center permission set (more specifically, IAM Identity Center assumes an IAM role, which IAM Identity Center manages, in the target account).

    https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html#sessionsconcept

    I tried to find the issue related to the "invalid credentials" when accessing re:Post, but I couldn't find it. I hope you can find a way to resolve this issue. If you have any further questions, comment down below!
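
The session behaviour described in the last comment, as an added example that is not code from the thread: a check that tells whether a caller ARN (such as the `Arn` field returned by `aws sts get-caller-identity`) belongs to an IAM Identity Center role session, and which permission set it came from. It assumes the reserved role name layout `AWSReservedSSO_<permission set>_<16 hex characters>`; every ARN in it is constructed sample data.

```python
import re
from typing import NamedTuple, Optional


class SsoSession(NamedTuple):
    account_id: str
    permission_set: str
    session_name: str


# Assumed layout of an Identity Center session ARN:
# arn:<partition>:sts::<account>:assumed-role/AWSReservedSSO_<set>_<16 hex>/<session>
_SSO_ARN = re.compile(
    r"arn:aws[a-z-]*:sts::(?P<account>\d{12}):assumed-role/"
    r"AWSReservedSSO_(?P<pset>[\w+=,.@-]{1,32})_[0-9a-f]{16}/"
    r"(?P<session>[\w+=,.@-]{2,64})",
    re.ASCII,
)


def parse_sso_session(arn: str) -> Optional[SsoSession]:
    """Return the session details if the ARN is an Identity Center role session."""
    match = _SSO_ARN.fullmatch(arn.strip())
    if match is None:
        return None
    return SsoSession(match["account"], match["pset"], match["session"])


# Constructed sample ARNs (not taken from the thread).
SAMPLE_ARNS = [
    "arn:aws:sts::111122223333:assumed-role/AWSReservedSSO_DenyAllTest_0123456789abcdef/user@example.com",
    "arn:aws:sts::111122223333:assumed-role/AWSReservedSSO_Read_Only_fedcba9876543210/user@example.com",
    "arn:aws:iam::111122223333:user/alice",                                # plain IAM user
    "arn:aws:sts::111122223333:assumed-role/AppDeployRole/ci-job",         # ordinary role
    "arn:aws:sts::111122223333:assumed-role/AWSReservedSSO_Lookalike/s1",  # prefix only
]

if __name__ == "__main__":
    for arn in SAMPLE_ARNS:
        session = parse_sso_session(arn)
        if session:
            print(f"Identity Center session: {session.permission_set} in {session.account_id}")
        else:
            print(f"not an Identity Center session: {arn}")
```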
