1 Answer
Hello.
Just link the users created with IAM Identity Center so that they can access only the required AWS accounts.
For example, if "user1" only accesses the AWS account "Sandbox-acc1", by linking "user1" only to "Sandbox-acc1", he will be able to sign in only to "Sandbox-acc1".
The configuration steps are as described in the document below.
https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html
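As an added example (not part of the answer or of the thread), the following Python audits constructed IAM Identity Center assignment records in the shape of `aws sso-admin list-account-assignments` output, resolves GROUP assignments to their member users, and flags any sandbox user who can reach an account in the Production OU. Account IDs, principal IDs, permission set ARNs and group memberships are placeholders.

```python
# Added example: audit Identity Center account assignments so that users meant
# for the Sandbox OU never hold an assignment (direct or via a group) in an
# account under the Production OU. All values below are constructed placeholders.

# Records in the shape of `aws sso-admin list-account-assignments` output.
ASSIGNMENTS = [
    {"AccountId": "111111111111", "PrincipalType": "USER", "PrincipalId": "user1-id",
     "PermissionSetArn": "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-ADMIN"},
    # A group assignment into the Production account: one way a sandbox user ends up
    # able to see Production resources even though the user itself is only "linked" to sandbox-acc1.
    {"AccountId": "222222222222", "PrincipalType": "GROUP", "PrincipalId": "g-sandbox-devs",
     "PermissionSetArn": "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-READONLY"},
    {"AccountId": "222222222222", "PrincipalType": "USER", "PrincipalId": "prod-user-id",
     "PermissionSetArn": "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-ADMIN"},
]

# Constructed group membership (what `aws identitystore list-group-memberships` would give).
GROUP_MEMBERS = {"g-sandbox-devs": {"user1-id", "user2-id"}}

# Constructed account -> OU mapping (what `aws organizations list-parents` would give).
ACCOUNT_OU = {"111111111111": "Sandbox", "222222222222": "Production"}


def effective_accounts(assignments, group_members):
    """Map user ID -> set of account IDs reachable through USER or GROUP assignments."""
    reach = {}
    for a in assignments:
        if a["PrincipalType"] == "USER":
            users = {a["PrincipalId"]}
        else:  # GROUP: every member inherits the assignment
            users = group_members.get(a["PrincipalId"], set())
        for u in users:
            reach.setdefault(u, set()).add(a["AccountId"])
    return reach


def find_cross_ou_access(assignments, group_members, account_ou, restricted_users, forbidden_ou="Production"):
    """Return sorted (user_id, account_id) pairs where a restricted user can sign in to a forbidden_ou account."""
    reach = effective_accounts(assignments, group_members)
    findings = []
    for u in sorted(restricted_users):
        for acct in sorted(reach.get(u, set())):
            if account_ou.get(acct) == forbidden_ou:
                findings.append((u, acct))
    return findings


if __name__ == "__main__":
    for user, acct in find_cross_ou_access(ASSIGNMENTS, GROUP_MEMBERS, ACCOUNT_OU, {"user1-id", "user2-id"}):
        print(f"{user} can reach Production account {acct} (check group assignments)")
```

If a sandbox user turns up in the findings, the fix is the one the answer describes: remove the stray assignment (here, the group's assignment into the Production account) so the user is linked only to the accounts they need.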
I have linked user1 to sandbox-acc1 and assigned user1 the permission set AdministratorAccess. Unfortunately, when logging in as user1, user1 is able to view the VPC created by users in the account in the production OU.
I don't think it's possible to restrict viewing of resources within the same AWS account. If you do not want them to be able to view it, you will need to recreate the resource in a different AWS account.
No, not the same account. user1 in the sandbox-acc1 account (Sandbox OU) is still able to view resources created by a user in another account residing in the Production OU. I want to restrict user1 so that it is not able to access and view resources created by users in the Production OU.
Which AWS account was the VPC created in? If it is created in "sandbox-acc1", it is normal for it to be viewed by "user1". If you do not want "user1" to see the VPC, you need to revoke "user1"'s privileges to operate the VPC or create the VPC in an AWS account other than "sandbox-acc1".
The VPC was created by the user in the production account. However, user1 in sandbox-acc1 is able to view that VPC and all other resources created by the user in the production account.