Cross Account S3/Athena Access in IAM Identity Center

Question

Earlier we were using IAM Roles and mapped those Roles to the target AWS account since we know the NAMES of the roles we could hardcode them in IAM/s3 policy documents to manage access. 
with IAM Permissionset inplace , we are confused as to how to easily manage the same access to our platform users. the Names are very Weird and ends with some weird number and characters.

how should we manage the cross account resource and use these new roles created by permissionset ? Thanks

Accepted Answer

You would do same as you did with IAM role names.  The Permission Set names are 'weird' because they are trying to ensure they are unique and won't conflict with anything you have created.
The names don't change once created, so you can use them the same way you use IAM Roles.

Hope this helps,

Answer

Take a look at using principal and resource tagging in policy conditions. Examples

* [EC2: Start or stop instances based on matching principal and resource tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_ec2-start-stop-match-tags.html).
* [EC2: Start or stop instances based on tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_ec2-start-stop-tags.html)

Cross Account S3/Athena Access in IAM Identity Center

관련 콘텐츠