2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
This approach is not suitable for default identity store directory or, in other words, when your identity store default one from AWS.
回答済み 1ヶ月前
-1
Create an iam policy and attach to group A.
The policy should control the action CreateGroupMembership limited to the resources
- Group (B)
- User (*)
- Identity Store (X)
All these resources need defining to allow group A to add any user to group B in identity site x.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsidentitystore.html