By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Why can't I see the permissions attached to a user in IAM?

0

When I set up the users on my account I used this link https://awspolicygen.s3.amazonaws.com/policygen.html to generate the json giving them the specific access rights to the specific services and resources I wanted, and I copied and pasted that into something in the set up.

I know that after that initial set up, I then went back to users in IAM and was able to alter the json to further expand or limit their permissions.

The problem is now I can't find my way back to that. When I look at my users in IAM, under 'Permissions' they have in the 'Permissions Policies' section it says "No resources to display". The users also do not belong to any groups. So my questions are:

  1. Why can't I see the permissions a user has?
  2. Why does it look like my users have 0 permissions?
  3. Where is the json that I initially generated and then later edited to set their permissions?
  • Ben
    10 months ago

    I'm an idiot. The permissions were attached to the resources, not the users. But that feels counterintuitive that a user can have permission to access stuff but you can't see what resources a user has access to in IAM.

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access ManagementIAM Policies
Language
English
Ben
asked 10 months ago328 views
1 Answer
0

Hi, the policy generator that you used is a helper to create json with proper syntax but it doesn't create them in IAM. You have to do it yourself by copying and pasting the generated policies to the AWS IAM console of your accounts after you chose which users to attribute those policies to.

The documentation on how to change permissions of a given user: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html

Hope it helps

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 10 months ago
profile picture
EXPERT
JimmyDqv
reviewed 10 months ago
  • Ben
    10 months ago

    I know it doesn't create them, I did the copy and paste and set the users up right. The users have the access I gave them. For example they can put the right kinds of file in the right folders in the right S3 buckets. The problem is that I can't find my way back to see what permissions the user has. When I look at the user in IAM, it looks like they have no permissions. I can't find where the permissions I previously defined for them are.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content