How to hide IAM users under a root user seeing each other, specially the IAM user who created another IAM user under it

Question

Specifically one issue I have is:

1. I have created a "root account in AWS.
2. Under this root account I have created a master-admin IAM account with full access
3. Logged off root user and logged in back using master-admin user.
4. Created a new IAM account for the new developer.
5. However, when I logged off my master-admin account and logged in as the new developer, I can see and have access to my master-admin account which is not right since the developer "apparently" can modify or delete my master-admin account. The developer IAM SHOULD NOT be able to see other IAM accounts specially the master-admin account. So my question is what have I not done right?

Answer

Remove IAM permissions from the Developer IAM account or you can try something similar as defined in this document. https://aws.amazon.com/premiumsupport/knowledge-center/iam-permission-boundaries/

Answer

Hello,

You can use permission boundary to cater this scenario. A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

Thanks,
Gautam

How to hide IAM users under a root user seeing each other, specially the IAM user who created another IAM user under it

관련 콘텐츠