Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

How to hide IAM users under a root user seeing each other, specially the IAM user who created another IAM user under it

0

Specifically one issue I have is:

  1. I have created a "root account in AWS.
  2. Under this root account I have created a master-admin IAM account with full access
  3. Logged off root user and logged in back using master-admin user.
  4. Created a new IAM account for the new developer.
  5. However, when I logged off my master-admin account and logged in as the new developer, I can see and have access to my master-admin account which is not right since the developer "apparently" can modify or delete my master-admin account. The developer IAM SHOULD NOT be able to see other IAM accounts specially the master-admin account. So my question is what have I not done right?
  • mkosta-AWS
    vor einem Jahr

    What policy permissions are being assigned to "developer" account? This will largely dictate what access they have and whether or not they can make view/edit/delete API calls in the AWS console.

Themen
Sicherheit, Identität & KonformitätManagement & Unternehmensführung
Tags
AWS Identity and Access ManagementAWS Management ConsoleAWS OrganisationenAWS KontoverwaltungIAM-Richtlinien
Sprache
English
rePost-User-3492165
gefragt vor einem Jahr349 Aufrufe
2 Antworten
0

Remove IAM permissions from the Developer IAM account or you can try something similar as defined in this document. https://aws.amazon.com/premiumsupport/knowledge-center/iam-permission-boundaries/

AWS
Rishi
beantwortet vor einem Jahr
0

Hello,

You can use permission boundary to cater this scenario. A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

Thanks, Gautam

profile pictureAWS
Gautam Kumar
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt