- Newest
- Most votes
- Most comments
Hello.
If you are using IAM Identity Center to connect to each AWS account, you can create permission sets in IAM Identity Center and associate them with users and groups.
https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
If you are using IAM users within each AWS account, you can create a CloudFormation template and distribute IAM policies etc. to each AWS account using StackSets.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html
Hello,
You can go directly to the target account with user who has IAM service permission and create a role and attach to user directly. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html
If you want to do with another account then you need to create a management access role in target account to access the role from another account. To do it follow the steps from below link. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_aws-accounts.html
Thanks Leo, for giving me a chance to rectify my mistake.
Relevant content
- Accepted Answerasked 2 years ago
- Accepted Answerasked 3 years ago
AWS OFFICIALUpdated 2 months ago- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 2 years ago
I agree CFN stacksets are probably the safest and most efficient way to achieve this global.
Thank you. How can we integrate with Okta, as my Cx uses Okta.