How to control per-user, per-account permissions with IAM Identity Center?

0

I am struggling with IAM Identity Center. I want to make sure user Y can only assume the power user role when accessing account Z. It is not clear to me how I can achieve that when all permission sets are assigned at the account level and not the user level.

I have the following permission sets assigned to an account [screenshot]. The console says that I can assign permissions to a group [screenshot]. But when I start assigning permission sets, they are assigned to ACCOUNTS only. So there is no way to say user X can only be PowerUser but not Administrator when accessing account Y [screenshot].

Here is the Stack Overflow question (which doesn't have an answer): https://stackoverflow.com/questions/74417061/how-to-manage-user-roles-with-aws-iam-identity-center

1 answer
0

Hi, you should understand the two core components of the AWS IAM Identity Center service.

Core Components

Permission Set

A permission set is a template you create and maintain that defines a collection of one or more IAM policies. Permission sets simplify the assignment of AWS account access for users and groups in your organization. You can think of a permission set as a reusable role with the proper permissions that can be used in several AWS accounts in the same AWS Organization.

Account Assignment

An account assignment is the task of assigning a permission set for a specific AWS account to multiple users or groups.

Answer

You can create an account assignment that grants the PowerUser permission set in the AWS account to user X.

Expert
answered 1 year ago
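The two components in the answer pin down what an assignment actually is: a triple of (AWS account, permission set, principal). In the console you start from the account, but the assignment you create is still specific to the user or group you pick. The flip side is that "what can user Y do in account Z" is not a single API call, and a user can hold several permission sets in one account at once. The Python below is an added example, not code from the question, the answer or AWS: it lists a principal's direct assignments in one account by walking every permission set provisioned there, then enforces that the user ends up with exactly the PowerUserAccess permission set. It uses the boto3 sso-admin operations list_permission_sets_provisioned_to_account, list_account_assignments, describe_permission_set, create_account_assignment and delete_account_assignment. The FakeSsoAdmin class, the instance and permission-set ARNs, the account ID and the user ID are constructed for an offline run and are not real identifiers.

```python
"""Audit and enforce per-user, per-account access in IAM Identity Center.

Added example, not code from the original question or answer. `sso` is a boto3
"sso-admin" client; FakeSsoAdmin is a constructed offline stand-in with the same
call and response shapes. All ARNs and IDs below are made up for the demo.
"""
INSTANCE_ARN = "arn:aws:sso:::instance/ssoins-0123456789abcdef"
ACCOUNT_Z = "111122223333"
USER_Y = "a1b2c3d4-0000-0000-0000-000000000001"
PS_POWER = "arn:aws:sso:::permissionSet/ssoins-0123456789abcdef/ps-0000000000000001"
PS_ADMIN = "arn:aws:sso:::permissionSet/ssoins-0123456789abcdef/ps-0000000000000002"


def _paginate(call, key, **kwargs):
    """Follow NextToken until exhausted, yielding the items stored under `key`."""
    token = None
    while True:
        resp = call(**kwargs, **({"NextToken": token} if token else {}))
        yield from resp.get(key, [])
        token = resp.get("NextToken")
        if not token:
            return


def permission_sets_for_principal(sso, instance_arn, account_id, principal_id, principal_type="USER"):
    """Return {permission_set_arn: name} assigned *directly* to the principal in one account.

    Assignments are (account, permission set, principal) triples and there is no
    "what does user X have in account Y" call, so walk every permission set
    provisioned to the account and filter by principal. Group-inherited access is
    not included: check the user's group memberships separately.
    """
    found = {}
    for ps_arn in _paginate(sso.list_permission_sets_provisioned_to_account, "PermissionSets",
                            InstanceArn=instance_arn, AccountId=account_id):
        for a in _paginate(sso.list_account_assignments, "AccountAssignments",
                           InstanceArn=instance_arn, AccountId=account_id, PermissionSetArn=ps_arn):
            if a["PrincipalType"] == principal_type and a["PrincipalId"] == principal_id:
                desc = sso.describe_permission_set(InstanceArn=instance_arn, PermissionSetArn=ps_arn)
                found[ps_arn] = desc["PermissionSet"]["Name"]
    return found


def ensure_only(sso, instance_arn, account_id, principal_id, allowed_ps_arn, principal_type="USER"):
    """Make the principal's direct assignments in the account exactly {allowed_ps_arn}:
    create it if missing, delete every other direct one. Returns (created, removed_arns)."""
    current = permission_sets_for_principal(sso, instance_arn, account_id, principal_id, principal_type)
    common = dict(InstanceArn=instance_arn, TargetId=account_id, TargetType="AWS_ACCOUNT",
                  PrincipalType=principal_type, PrincipalId=principal_id)
    created = allowed_ps_arn not in current
    if created:
        sso.create_account_assignment(PermissionSetArn=allowed_ps_arn, **common)
    removed = sorted(arn for arn in current if arn != allowed_ps_arn)
    for arn in removed:
        sso.delete_account_assignment(PermissionSetArn=arn, **common)
    return created, removed


class FakeSsoAdmin:
    """Constructed stand-in for the sso-admin client; serves one item per page so the
    NextToken loop above is really exercised (a truncated listing would hide an admin)."""
    def __init__(self, names, provisioned):
        self.names = names              # {ps_arn: permission set name}
        self.provisioned = provisioned  # {account_id: [ps_arn, ...]}
        self.assignments = set()        # {(account_id, ps_arn, principal_type, principal_id)}
    @staticmethod
    def _page(items, key, token):
        i = int(token or 0)
        resp = {key: items[i:i + 1]}
        if i + 1 < len(items):
            resp["NextToken"] = str(i + 1)
        return resp
    @staticmethod
    def _key(kw):
        return (kw["TargetId"], kw["PermissionSetArn"], kw["PrincipalType"], kw["PrincipalId"])
    def list_permission_sets_provisioned_to_account(self, InstanceArn, AccountId, NextToken=None):
        return self._page(list(self.provisioned.get(AccountId, [])), "PermissionSets", NextToken)
    def list_account_assignments(self, InstanceArn, AccountId, PermissionSetArn, NextToken=None):
        rows = [{"AccountId": a, "PermissionSetArn": p, "PrincipalType": t, "PrincipalId": i}
                for (a, p, t, i) in sorted(self.assignments) if a == AccountId and p == PermissionSetArn]
        return self._page(rows, "AccountAssignments", NextToken)
    def describe_permission_set(self, InstanceArn, PermissionSetArn):
        return {"PermissionSet": {"PermissionSetArn": PermissionSetArn, "Name": self.names[PermissionSetArn]}}
    def create_account_assignment(self, **kw):
        self.assignments.add(self._key(kw))
        return {"AccountAssignmentCreationStatus": {"Status": "SUCCEEDED"}}
    def delete_account_assignment(self, **kw):
        self.assignments.discard(self._key(kw))
        return {"AccountAssignmentDeletionStatus": {"Status": "SUCCEEDED"}}


def demo():
    """Offline run: user Y starts with AdministratorAccess in account Z, ends with PowerUserAccess only."""
    sso = FakeSsoAdmin({PS_POWER: "PowerUserAccess", PS_ADMIN: "AdministratorAccess"},
                       {ACCOUNT_Z: [PS_ADMIN, PS_POWER]})
    sso.create_account_assignment(InstanceArn=INSTANCE_ARN, TargetId=ACCOUNT_Z, TargetType="AWS_ACCOUNT",
                                  PermissionSetArn=PS_ADMIN, PrincipalType="USER", PrincipalId=USER_Y)
    before = permission_sets_for_principal(sso, INSTANCE_ARN, ACCOUNT_Z, USER_Y)
    created, removed = ensure_only(sso, INSTANCE_ARN, ACCOUNT_Z, USER_Y, PS_POWER)
    after = permission_sets_for_principal(sso, INSTANCE_ARN, ACCOUNT_Z, USER_Y)
    return before, created, removed, after
```

To run it against AWS, pass `boto3.client("sso-admin")` in place of the fake, take the instance ARN from `list_instances()`, and use the user's Identity Store user ID rather than the username. Two caveats that matter for the scenario in the question: this check sees only direct assignments, so a user who belongs to a group that holds AdministratorAccess in the account still has it, and the group's assignments must be audited too; and a permission set shows up inside the account as an IAM role named AWSReservedSSO_<PermissionSetName>_<suffix>, which is what "assuming the power user role" amounts to in practice.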
