How can SSO users in a billing group access S3 buckets

0

Hello,

Required: enable S3 bucket access for a specific permission set

1. I have an SSO role in IAM for Billing. This is an AWS managed SSO role and gives access to Billing actions in its policy: AWSReservedSSO_BillingReadOnly_tagnumber.
2. I have an IAM Identity Center group, AWS-acctnum-BillingReaders-Prod, that has 4 SSO users.
3. The above group has been assigned to the permission sets below; the user is able to see the permission sets on his login page, under the account.
4. I also have a permission set (BillingReadOnly) that has the AWS managed Billing policy, AWSBillingReadOnlyAccess, and also an inline policy that allows access to the S3 bucket (ListBucket, GetObject). The SSO user who is part of the group in step 2 sees this permission set on his login screen, but he does not see any buckets listed in S3.

Note: anything that is AWS managed cannot be altered, hence the addition of a custom inline policy on the permission set.

Any idea what's wrong here? Thanks in advance.

2 answers
0
Accepted answer

The issue got resolved... The inline policy on the permission set was restricting to a specific bucket by resource tag, and somehow this was not working. A specific bucket restriction should be added in the condition using the new AWS condition tags.

Swee
answered 1 year ago
0

What does your S3 bucket policy look like?

Niko (AWS)
answered 1 year ago
  • The S3 bucket has basic access for AWSBillingConductor write, so that Billing can dump its monthly reports. I was advised to allow this access through IAM. On another note, I had tried modifying the S3 policy for that specific SSO role ARN, but that had not shown the bucket either. Can we add a permission set to the S3 bucket policy instead (permission sets are new to me)?
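The following is an added example, not code from the thread above, covering both the accepted answer (the bucket selected by a resource tag in the permission set's inline policy) and the comment asking whether a permission set can be named in a bucket policy. It builds the two policy documents in Python and runs a deliberately small IAM-style evaluator over them to show why the tag-conditioned s3:ListBucket never matches and how a bucket policy can admit a permission set's role. The account ID (111122223333), bucket name (billing-reports-prod), permission set name (BillingReadOnly) and the role suffix are assumptions for illustration only.

```python
"""Added example, not from the re:Post thread above.

Builds the two policy documents a BillingReadOnly permission set needs to read
one S3 bucket, plus a deliberately small IAM-style evaluator that shows why a
bucket-tag condition on s3:ListBucket never matches.  Account ID, bucket name,
permission-set name and role suffix are assumptions for illustration only.
"""
import json
import re

ACCOUNT = "111122223333"                      # assumed account
BUCKET = "billing-reports-prod"               # assumed bucket name
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"
OBJECTS_ARN = f"{BUCKET_ARN}/*"
PERMISSION_SET = "BillingReadOnly"

# The role Identity Center provisions for a permission set carries a random
# suffix, so a bucket policy has to match it with a wildcard.  The region
# segment in the path is present on newer instances; the pattern tolerates both.
SSO_ROLE_PATTERN = (f"arn:aws:iam::{ACCOUNT}:role/aws-reserved/sso.amazonaws.com/"
                    f"*AWSReservedSSO_{PERMISSION_SET}_*")
SSO_ROLE_ARN = (f"arn:aws:iam::{ACCOUNT}:role/aws-reserved/sso.amazonaws.com/"
                f"us-east-1/AWSReservedSSO_{PERMISSION_SET}_0123456789abcdef")  # assumed


def broken_inline_policy():
    """The shape the question describes: bucket selected by a resource tag.
    S3 does not pass bucket tags into authorization for s3:ListBucket, so the
    aws:ResourceTag key is absent and a StringEquals on it is always false."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": "arn:aws:s3:::*",
        "Condition": {"StringEquals": {"aws:ResourceTag/Project": "billing"}},
    }]}


def inline_policy():
    """Fixed permission-set inline policy: scope by bucket ARN instead of tag.
    s3:ListAllMyBuckets on "*" is what makes the bucket appear in the console
    bucket list; ListBucket alone only lets the user open it by name or URL."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET_ARN},
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": OBJECTS_ARN},
    ]}


def bucket_policy():
    """Bucket policy granting the same reads to the permission set's role.
    A permission set cannot be named directly; match its role ARN instead."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "BillingReadOnlySso",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": [BUCKET_ARN, OBJECTS_ARN],
        "Condition": {"ArnLike": {"aws:PrincipalArn": SSO_ROLE_PATTERN}},
    }]}


def iam_match(pattern, value):
    """IAM wildcard matching: '*' is any run of characters, '?' one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None


def _as_list(x):
    return x if isinstance(x, list) else [x]


def allows(policy, action, resource, context):
    """Minimal evaluator: Allow statements only (no explicit Deny, no
    Principal check), StringEquals/StringLike/ArnLike conditions.  As in IAM,
    a condition whose key is missing from the request context is false."""
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if not any(iam_match(a, action) for a in _as_list(st["Action"])):
            continue
        if not any(iam_match(r, resource) for r in _as_list(st["Resource"])):
            continue
        ok = True
        for op, pairs in st.get("Condition", {}).items():
            for key, expected in pairs.items():
                actual = context.get(key)
                if actual is None:
                    ok = False
                elif op == "StringEquals":
                    ok = ok and actual == expected
                else:  # StringLike / ArnLike
                    ok = ok and iam_match(expected, actual)
        if ok:
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(inline_policy(), indent=2))
    print(json.dumps(bucket_policy(), indent=2))
    # Listing the bucket under the tag-conditioned policy: no tag key in context.
    print("broken policy lists bucket:",
          allows(broken_inline_policy(), "s3:ListBucket", BUCKET_ARN, {}))
    print("fixed policy lists bucket:",
          allows(inline_policy(), "s3:ListBucket", BUCKET_ARN, {}))
    print("bucket policy admits SSO role:",
          allows(bucket_policy(), "s3:ListBucket", BUCKET_ARN,
                 {"aws:PrincipalArn": SSO_ROLE_ARN}))
```

Two practical checks follow from the evaluator: the permission set still needs s3:ListAllMyBuckets on "*" for the bucket to show up in the console's bucket list, and a bucket policy that names the exact AWSReservedSSO_* role ARN stops working when the permission set is re-provisioned with a new suffix, which is why the ArnLike wildcard is used.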
