Is there a way to limit the management of users in an Identity Center group to another Identity Center group?


We have a multi-organization setup. I created Group A and Group B. Group B has permissions to perform some actions in accounts. We would like only users in Group A to be able to add or remove users from Group B. Is there a way to achieve this?

ana
asked 5 months ago · 126 views
1 Answer

Create an IAM policy and attach it to Group A.

The policy should control the action CreateGroupMembership, limited to the resources:

  • Group (B)
  • User (*)
  • Identity Store (X)

All these resources need defining to allow Group A to add any user to Group B in identity store X.

https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentitystore.html

EXPERT
answered 5 months ago
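
The policy described in the answer above, written out as an added example (not part of the original answer or of AWS documentation), with a simplified matcher showing that a request naming any other group is not covered. The account ID, identity store ID and group IDs are constructed placeholders, the ARN formats are the ones listed on the linked Service Authorization Reference page, and `allows` is a teaching model rather than IAM's evaluation engine. It assumes the policy reaches Group A's members through a permission set assigned to Group A.

```python
import json
import re
from fnmatch import fnmatchcase

ACTION = "identitystore:CreateGroupMembership"

def build_policy(account_id, identity_store_id, group_b_id, partition="aws"):
    """Allow adding any user to one specific group in one identity store."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account_id must be 12 digits")
    for value in (identity_store_id, group_b_id):
        if not value or any(ch in value for ch in "*?"):
            raise ValueError("store and group IDs must be exact, no wildcards")
    base = f"arn:{partition}:identitystore"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AddUsersToGroupBOnly",
            "Effect": "Allow",
            "Action": ACTION,
            "Resource": [
                f"{base}::{account_id}:identitystore/{identity_store_id}",  # Identity Store (X)
                f"{base}:::group/{group_b_id}",                             # Group (B)
                f"{base}:::user/*",                                         # User (*)
            ],
        }],
    }

def allows(policy, action, request_arns):
    """Simplified model: every ARN in the request must match an allowed pattern."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Allow" and stmt["Action"] == action:
            if all(any(fnmatchcase(arn, pat) for pat in stmt["Resource"])
                   for arn in request_arns):
                return True
    return False

# Constructed placeholder identifiers, not real resources.
ACCOUNT, STORE = "111122223333", "d-1234567890"
GROUP_B = "11111111-2222-3333-4444-555555555555"
OTHER_GROUP = "99999999-8888-7777-6666-555555555555"
USER = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
POLICY = build_policy(ACCOUNT, STORE, GROUP_B)

def request(group_id):
    """ARNs involved in adding USER to the given group in STORE."""
    base = "arn:aws:identitystore"
    return [f"{base}::{ACCOUNT}:identitystore/{STORE}",
            f"{base}:::group/{group_id}", f"{base}:::user/{USER}"]

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
```

The policy only grants what it lists: any other Identity Store action Group A needs, such as removing members, is not allowed by this statement and would need its own entry from the same reference page.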
