Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!
How to control per user per account permissions with IAM identity center?
I am struggling with IAM Identity center. I want to make sure user Y can only assume power user role when accessing account Z. It is not clear to me how I can achieve that when all permissions sets are assigned on an account level and not a user level.
I have the following permissions sets assigned to an account
Here is the stack overflow questions (that doesn't have an answer) https://stackoverflow.com/questions/74417061/how-to-manage-user-roles-with-aws-iam-identity-center
- Newest
- Most votes
- Most comments
Hi, you should understand the two core components of the AWS IAM Identity Center service.
Core Components
Permission Set
A permission set is a template you create and maintain that defines a collection of one or more IAM policies. Permission sets simplify the assignment of AWS account access for users and groups in your organization. You can think that a permission set is a reusable role with proper permissions, which can be used in several AWS accounts in the same AWS Organization.
Account Assignment
An account assignment is the task of assigning a permission set for a specific AWS account to multiple users or groups.
Answer
You can create an account assignment for the PowerUser permission set of the AWS account to user X.
References
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 5 months ago
