This is a difficult question to answer without more information. Firstly, you mention manually making users in AWS with e-mails which you use to log in, but you are also using Azure SSO. When you configure Azure SSO with an AWS Organization, you typically would provision the users directly from the Azure directory using SCIM, as documented here (https://docs.aws.amazon.com/singlesignon/latest/userguide/idp-microsoft-entra.html). Without knowing how your SSO is set up, it is difficult to offer anything but generic advice.
If you are unable to manage IAM users but have the same permissions and roles as your colleague, it is possible that this may have been specifically denied in AWS. In IAM, an explicit deny rule always wins, regardless of whether there are allow rules applying to your principal (user) that allow the action.
One way to see why you are being denied is to look at CloudTrail and see what is happening there. You can also have your colleague (who has IAM access) look at the effective permissions you have in IAM using the AWS Policy Simulator on the user that you have provisioned for yourself in AWS (https://policysim.aws.amazon.com/).
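An added example (not part of the original answer): a Python sketch of the CloudTrail check described above, which filters access-denied events for one principal and reports whether each was an explicit deny or a missing allow. The sample records, account ID and ARNs are constructed, and the message patterns assume the wording AWS uses in its access-denied error messages.

```python
import json
import re

DENIED_CODES = {"AccessDenied", "AccessDeniedException", "Client.UnauthorizedOperation"}
# Assumed wording of AWS access-denied messages: explicit deny vs. missing allow.
EXPLICIT = re.compile(r"with an explicit deny in an? ([a-z\- ]+? policy)")
IMPLICIT = re.compile(r"because no ([a-z\- ]+? policy) allows")

# Constructed sample events shaped like CloudTrail records (placeholder account and names).
SAMPLE_RECORDS = json.loads("""[
 {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ExampleAdmin/alice@example.com"},
  "errorCode": "AccessDenied",
  "errorMessage": "User: arn:aws:sts::111122223333:assumed-role/ExampleAdmin/alice@example.com is not authorized to perform: iam:ListUsers on resource: arn:aws:iam::111122223333:user/ with an explicit deny in a service control policy"},
 {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ExampleAdmin/alice@example.com"},
  "errorCode": "AccessDenied",
  "errorMessage": "User: arn:aws:sts::111122223333:assumed-role/ExampleAdmin/alice@example.com is not authorized to perform: iam:CreateUser on resource: arn:aws:iam::111122223333:user/test because no identity-based policy allows the iam:CreateUser action"},
 {"eventSource": "iam.amazonaws.com", "eventName": "GetUser",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ExampleAdmin/alice@example.com"}}
]""")

def classify(message):
    """Return (kind, policy_type) parsed from an access-denied error message."""
    m = EXPLICIT.search(message or "")
    if m:
        return "explicit-deny", m.group(1)
    m = IMPLICIT.search(message or "")
    if m:
        return "implicit-deny", m.group(1)
    return "unknown", None

def triage(records, principal_substr):
    """List denied calls whose caller ARN contains principal_substr."""
    findings = []
    for rec in records:
        arn = rec.get("userIdentity", {}).get("arn", "")
        if rec.get("errorCode") not in DENIED_CODES or principal_substr not in arn:
            continue  # skip successful calls and other principals
        kind, policy_type = classify(rec.get("errorMessage"))
        action = rec["eventSource"].split(".")[0] + ":" + rec["eventName"]
        findings.append({"action": action, "kind": kind, "policy_type": policy_type})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_RECORDS, "alice@example.com"):
        print(finding)
```

An `explicit-deny` result names the policy type to inspect (for example a service control policy set at the organization level), while `implicit-deny` means no allow statement covers the action.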