By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Create an administrator-like profile/role outside the management account

0

I have multiple accounts in Organizations and wanted a way to manage them securely. I want to create a user or give my user permission as if they were an administrator (in this multiple accounts), so I don't have to use the management account. What's the best way to do this?

I saw that I can use permission boundaries, but I didn't find examples of how it would be applied to an administrator-like user or how I can write a policy and permission boundaries in this case for an administrator. Besides that, would any other action be recommended? Any blockage on the management account? Thanks!

Topics
Security, Identity, & ComplianceManagement & Governance
Tags
AWS IAM Identity CenterAWS Account ManagementIAM Policies
Language
English
natte
asked 6 months ago185 views
2 Answers
1

Hello.

If you are using Organizations, you can use SCP to restrict operations.
You might be able to accomplish what you want using this.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

profile picture
EXPERT
Riku_Kobayashi
answered 6 months ago
0

You might want to also check out delegated administration. Delegated administration provides a convenient way for assigned users in a registered member account to perform most IAM Identity Center administrative tasks. More here: https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html

profile pictureAWS
mvmandel-aws
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content