HTTP 403 error when trying to access Management Console with Identity Center user

0

Hi all, I have been getting the following error when trying to access the AWS Management Console with IAM Identity Center users. These users have been granted the AdministratorAccess permission policies, and have been able to access the Management Console previously. Not sure what broke recently, but we are not able to access it the same way. We are able to log in, but when we click on Management Console, this error pops up instead.
"No access Request ID: 886f725f-8cbc-43e9-aa2b-8a6895a6f1a2 HTTP status: 403"

Look forward to any kind advice. Thank you!

wkquek
asked a year ago, 576 views
2 Answers
0
Accepted Answer

When you use permission sets, under the hood it creates roles in the accounts with a unique ID, along with IdPs when you enable SSO.

  • Have any of these roles been manually removed from the target accounts?
  • Has the IdP in the target accounts, which is used by Identity Center, been removed?
EXPERT
answered a year ago
EXPERT
reviewed a year ago
AWS EXPERT
reviewed a year ago
  • Thanks Gary. This helped to solve my problem. I think I removed the role while doing spring-cleaning of my AWS Policies and Roles.

  • Thanks for the feedback. Glad to have helped.
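
The two checks from the accepted answer, written as an added example that is not part of the original thread. It takes the JSON printed by `aws iam list-roles` and `aws iam list-saml-providers` for one target account and assumes the usual Identity Center naming (roles called `AWSReservedSSO_<permission set>_<suffix>` under the path `/aws-reserved/sso.amazonaws.com/`); the account ID, suffixes and sample data are constructed.

```python
import re

SSO_PATH = "/aws-reserved/sso.amazonaws.com/"   # assumed Identity Center role path
ROLE_RE = re.compile(r"^AWSReservedSSO_(?P<pset>.+)_[0-9a-f]{16}$")

def federated_principals(trust_policy):
    """Return the SAML provider ARNs a role's trust policy federates with."""
    stmts = trust_policy.get("Statement", [])
    arns = []
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        principal = stmt.get("Principal", {})
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        arns.extend([fed] if isinstance(fed, str) else fed)
    return arns

def audit(expected_psets, list_roles, list_saml):
    """Map each expected permission set to 'ok' or a finding for one account."""
    providers = {p["Arn"] for p in list_saml["SAMLProviderList"]}
    found = {}
    for role in list_roles["Roles"]:
        m = ROLE_RE.match(role["RoleName"])
        if m and role["Path"].startswith(SSO_PATH):
            found[m["pset"]] = role
    report = {}
    for pset in expected_psets:
        role = found.get(pset)
        if role is None:
            report[pset] = "role missing"
            continue
        gone = [a for a in federated_principals(role["AssumeRolePolicyDocument"])
                if a not in providers]
        report[pset] = f"trusts missing IdP: {gone[0]}" if gone else "ok"
    return report

# Constructed sample data (placeholder account ID and suffixes).
IDP = "arn:aws:iam::111122223333:saml-provider/AWSSSO_0123456789abcdef_DO_NOT_DELETE"
ROLES = {"Roles": [{
    "RoleName": "AWSReservedSSO_ReadOnlyAccess_0123456789abcdef",
    "Path": SSO_PATH,
    "AssumeRolePolicyDocument": {"Statement": [{
        "Effect": "Allow", "Action": ["sts:AssumeRoleWithSAML", "sts:TagSession"],
        "Principal": {"Federated": IDP}}]},
}]}
SAML = {"SAMLProviderList": [{"Arn": IDP}]}

if __name__ == "__main__":
    for pset, finding in audit(["AdministratorAccess", "ReadOnlyAccess"], ROLES, SAML).items():
        print(f"{pset}: {finding}")
```

In the sample, the AdministratorAccess role is absent from the account, which is the situation the asker describes in the comment above.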

0

Hi, this previous similar re:Post question had the same problem: https://repost.aws/questions/QU2cQ7kmJlRHae_TWzq5KzOg/giving-user-access-to-aws-console-via-identity-center

For them, the solution was:

After filling in the email address attribute for my AD User and allowing Identity Center to sync, 
my user and test account were able to login successfully.

So is the email address attribute already entered in your case?

AWS EXPERT
answered a year ago
EXPERT
reviewed a year ago
  • Hi Didier, thanks for your kind reply. I looked at the previous ticket, but I am not using SSO. I am using users created in AWS IAM Identity Center only. Should this be a different issue from the ticket you mentioned? Thanks again for your kind help.
