User Permission management across multiple AWS Accounts

0

Suppose there are 4 different AWS accounts, let's say the accounts are aws1, aws2, aws3, aws4, aws5.

aws1 is kind of a parent account through which all other accounts are managed via AWS Organizations, and SSO is set up in aws1. Also, if we need to give permission to any user for any AWS resource in any AWS account, we do it from the aws1 account only. So it's kind of hectic managing permissions for each and every user from the aws1 account for all other AWS accounts.

Is there a way we can streamline this user permission thing across different AWS accounts in a more efficient way?

Thanks in advance!

3 Answers
1

I am not exactly sure what your requirement is.

  1. We have the option to delegate administration of users to a registered member account, e.g. aws2, to perform most IAM Identity Center (previously called SSO) administrative tasks. Please see the doc at https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html

  2. Do you also want to allow member accounts to administer their own users and groups? If this is the requirement, they can continue to do that in their respective AWS accounts using IAM.

AWS
answered a year ago
  • As per your answer, I understand that aws1 is the delegated administrator account in my case. So my question is how I can manage permissions for different users across different accounts from one account. Currently AWS Organizations is set up in aws1 and SSO is also enabled in aws1. To give permissions to any user we have to log in to aws1.

  • For your case, aws1 will be the delegated administrator account; this will be used to manage access to all other AWS accounts that are part of the AWS organization. Do you want more AWS accounts to be used instead of just aws1?

  • For your case, aws1 will be the management account; this is used to manage access to all other AWS accounts that are part of the AWS organization. You can also delegate another AWS account, e.g. aws2.
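What managing access to several member accounts from one place looks like in practice, as an added CloudFormation example (not code from the answer above or from AWS): one IAM Identity Center permission set, assigned to a single Identity Center group in two member accounts, deployed in the account that hosts IAM Identity Center (aws1 in the question, or a delegated administrator account). The instance ARN, group ID and account IDs are placeholders to replace with your own values.

```yaml
# Added example: one permission set assigned to one Identity Center group in
# several member accounts, deployed from the account hosting IAM Identity Center.
# All IDs below are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Description: Read-only access for one group across member accounts, managed centrally
Parameters:
  InstanceArn:
    Type: String
    Description: IAM Identity Center instance ARN (placeholder)
    Default: arn:aws:sso:::instance/ssoins-EXAMPLE
  GroupId:
    Type: String
    Description: Identity Center group ID (placeholder)
    Default: 11111111-2222-3333-4444-555555555555
  MemberAccountIds:
    Type: CommaDelimitedList
    Description: Member accounts to grant access in (placeholders for aws2, aws3)
    Default: "111111111111,222222222222"
Resources:
  ReadOnlyPermissionSet:
    Type: AWS::SSO::PermissionSet
    Properties:
      InstanceArn: !Ref InstanceArn
      Name: ReadOnlyAcrossAccounts
      Description: Least-privilege read-only access defined once, reused per account
      SessionDuration: "PT4H"   # short sessions limit the window if a token leaks
      ManagedPolicies:
        - arn:aws:iam::aws:policy/ReadOnlyAccess
  # One assignment per target account; adding an account is one more resource,
  # not a new IAM user or policy inside that account.
  AssignMemberAccount1:
    Type: AWS::SSO::Assignment
    Properties:
      InstanceArn: !Ref InstanceArn
      PermissionSetArn: !GetAtt ReadOnlyPermissionSet.PermissionSetArn
      PrincipalType: GROUP
      PrincipalId: !Ref GroupId
      TargetType: AWS_ACCOUNT
      TargetId: !Select [0, !Ref MemberAccountIds]
  AssignMemberAccount2:
    Type: AWS::SSO::Assignment
    Properties:
      InstanceArn: !Ref InstanceArn
      PermissionSetArn: !GetAtt ReadOnlyPermissionSet.PermissionSetArn
      PrincipalType: GROUP
      PrincipalId: !Ref GroupId
      TargetType: AWS_ACCOUNT
      TargetId: !Select [1, !Ref MemberAccountIds]
```

Because users are granted access through group membership, onboarding or offboarding someone becomes a group change in the identity source rather than a per-account permission edit.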

0

Based on your background description, I think the AWS Control Tower service will be beneficial to your multi-account management; please refer to the relevant service introduction: https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html At the same time, the AWS ProServe team can provide the solution deployment and help the customer quickly build the environment.

AWS
answered a year ago
0

Will cross-account roles be helpful in my scenario?

answered a year ago
