1 Answer
The documentation page you link to talks about delegating access from a role in one account to a role in another account. This is pretty much what you want to do.
How those roles are assumed in the first account is more or less irrelevant. The example in the documentation talks about creating static users that have the role assigned to them - that's one way (which happens to work for smaller environments). But you're absolutely correct: we recommend using Identity Center - because when users authenticate via Identity Center they are assigned to specific roles. And those roles can be used as per the example in the documentation.
Do we not use permission sets to control access for Identity Center users? Is there really a way to assign a role to an Identity Center user? What do you mean by "static users" and "that is one way"?
"Static users" are users created in IAM - you have said you don't want to do that (which is a good thing!).
Thanks Brettski-AWS. Found this post that explains switching roles for an Identity Center user: https://repost.aws/questions/QUSm-PF3zxSf6Rsj-8W75XGA/role-switch-iam-identity-center-user. The permission set defined in Identity Center looks after role assignment.
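The delegation discussed in this thread, as an added example that is not code from the thread or from the AWS documentation: it builds the trust policy for the role in the second account so that only the role Identity Center provisions for one permission set may assume it, then checks sample caller ARNs locally. The account ID, the permission set name `NetworkAdmin`, the function names and the simplified `ArnLike` matcher are assumptions made for illustration.

```python
import fnmatch
import json

# Assumed placeholders, not values from the thread.
SOURCE_ACCOUNT = "111111111111"   # account where the permission-set role lives
PERMISSION_SET = "NetworkAdmin"   # hypothetical permission set name

def sso_role_patterns(account_id, permission_set):
    """ARN patterns for the role Identity Center provisions for a permission set.

    The role name ends in a generated suffix, and the path carries the home
    Region except when that Region is us-east-1, so two patterns are needed.
    """
    base = f"arn:aws:iam::{account_id}:role/aws-reserved/sso.amazonaws.com/"
    name = f"AWSReservedSSO_{permission_set}_*"
    return [base + name, base + "*/" + name]

def build_trust_policy(account_id, permission_set):
    """Trust policy to attach to the role in the second account."""
    patterns = sso_role_patterns(account_id, permission_set)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            # Principal cannot hold wildcards: trust the account, then
            # narrow to the permission-set role with a condition.
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"ArnLike": {"aws:PrincipalArn": patterns}},
        }],
    }

def arn_like(pattern, arn):
    """Simplified ArnLike: compare the six colon-separated fields one by one."""
    p, a = pattern.split(":", 5), arn.split(":", 5)
    return len(p) == len(a) == 6 and all(
        fnmatch.fnmatchcase(val, pat) for val, pat in zip(a, p))

def is_trusted(policy, principal_arn):
    """Local check: does this caller role satisfy the policy's condition?"""
    cond = policy["Statement"][0]["Condition"]["ArnLike"]["aws:PrincipalArn"]
    return any(arn_like(pat, principal_arn) for pat in cond)

if __name__ == "__main__":
    policy = build_trust_policy(SOURCE_ACCOUNT, PERMISSION_SET)
    print(json.dumps(policy, indent=2))
```

Because the pattern ends in `_*`, it also matches a permission set whose name starts with `NetworkAdmin_`, so keep permission set names from being prefixes of one another or tighten the pattern.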