Support for customer managed policies in Identity Center was released in July 2022.
One thing that might have confused you is that Identity Center (SSO) "allows you to manage everything via a centralized account", but it does not provision those customer managed policies for you. You need to make sure that the policy referred to from the permission set actually exists and is the same across the different accounts that you assign your users/groups to.
Yes, you can add/remove customer managed policies to/from permission sets and have Identity Center update the permission sets (they end up as roles) across the accounts (again, an update of the permission set, not the customer managed policy).
Yeah, exactly, that sounds confusing, and I still have a doubt about what purpose CMPs are solving, as SSO is used to manage everything from a centralized account (master account). Can you please elaborate on it more if possible?
I got the answer for this. The feature of attaching Customer Managed Policies (CMPs) to an AWS SSO permission set was introduced at Amazon re:Invent 2022. It provides a way to manage your IAM permissions without disturbing all the member accounts' access using SSOInlinePolicy. The steps to attach a CMP to a permission set are:
- Create CMPs with consistent names in your target accounts, i.e. each CMP needs to have the same name.
- Create a permission set that references the CMP that you created.
- Assign users to the permission set in accounts where you created CMPs.
- Test your assignments.
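The consistency requirement discussed in this thread, as an added example that is not part of any post above: a pre-flight check that, for each customer managed policy a permission set references, reports target accounts where the policy is missing under that name and path, and accounts where the same name carries a different policy document. The account IDs, policy name and documents are constructed sample data, and the check assumes each account's policies were collected from IAM beforehand.

```python
import hashlib
import json
from collections import defaultdict

def doc_digest(document):
    """Hash a policy document so key order and whitespace do not matter."""
    canonical = json.dumps(document, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def preflight(references, accounts, account_policies):
    """Return (missing, drift) for a permission set's CMP references.

    references: [{"Name": ..., "Path": ...}], the shape of a permission set's
        customer managed policy references (Path defaults to "/").
    account_policies: {account_id: {(path, name): policy_document}}, assumed
        to be collected beforehand from each account's IAM.
    """
    missing, drift = [], {}
    for ref in references:
        key = (ref.get("Path", "/"), ref["Name"])
        by_digest = defaultdict(list)
        for account in accounts:
            doc = account_policies.get(account, {}).get(key)
            if doc is None:
                missing.append((account, key[0] + key[1]))
            else:
                by_digest[doc_digest(doc)].append(account)
        if len(by_digest) > 1:  # same name, different permissions
            drift[key[0] + key[1]] = sorted(by_digest.values())
    return missing, drift

# Constructed sample data: three target accounts, one referenced CMP.
def _doc(action):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": action, "Resource": "*"}]}

REFS = [{"Name": "AppS3Read", "Path": "/"}]
ACCOUNTS = ["111111111111", "222222222222", "333333333333"]
POLICIES = {
    "111111111111": {("/", "AppS3Read"): _doc("s3:GetObject")},
    "222222222222": {("/", "AppS3Read"): _doc("s3:*")},               # drifted
    "333333333333": {("/team/", "AppS3Read"): _doc("s3:GetObject")},  # wrong path
}

if __name__ == "__main__":
    missing, drift = preflight(REFS, ACCOUNTS, POLICIES)
    print("missing:", missing)
    print("drift:", drift)
```

A drift entry means the same permission set grants different permissions depending on the account, which is worth resolving before assigning users.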
I have one more question related to this: is it possible to reference a new CMP from the existing permission set?