I am not exactly sure what your requirement is.
We have the option to delegate administration of users in a registered member account, e.g. aws2, to perform most IAM Identity Center (previously called SSO) administrative tasks. Please see the doc at https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html
Do you also want to allow member accounts to administer their own users and groups? If this is the requirement, they can continue to do that in their respective AWS accounts using IAM.
Based on your background description, I think the AWS Control Tower service will be beneficial to your multi-account management. Please refer to the relevant service introduction: https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html At the same time, the AWS proserver team can provide the solution deployment and then help the customer quickly build the environment.
As per your answer, I understand that aws1 is the delegated administrator account in my case. So my question is: how can I manage permissions for different users across different accounts from one account? Currently, AWS Organizations is set up in aws1 and SSO is also enabled in aws1. To give permissions to any user, we have to log in to aws1.
For your case, aws1 will be the delegated administrator account. This will be used to manage access to all other AWS accounts that are part of the AWS organization. Do you want more AWS accounts to be used instead of just aws1?
For your case, aws1 will be the management account. This is used to manage access to all other AWS accounts that are part of the AWS organization. You can also delegate another AWS account, e.g. aws2