How to hide IAM users under a root user seeing each other, specially the IAM user who created another IAM user under it

0

Specifically one issue I have is:

  1. I have created a "root account in AWS.
  2. Under this root account I have created a master-admin IAM account with full access
  3. Logged off root user and logged in back using master-admin user.
  4. Created a new IAM account for the new developer.
  5. However, when I logged off my master-admin account and logged in as the new developer, I can see and have access to my master-admin account which is not right since the developer "apparently" can modify or delete my master-admin account. The developer IAM SHOULD NOT be able to see other IAM accounts specially the master-admin account. So my question is what have I not done right?
  • What policy permissions are being assigned to "developer" account? This will largely dictate what access they have and whether or not they can make view/edit/delete API calls in the AWS console.

2 Answers
0

Remove IAM permissions from the Developer IAM account or you can try something similar as defined in this document. https://aws.amazon.com/premiumsupport/knowledge-center/iam-permission-boundaries/

AWS
Rishi
answered a year ago
0

Hello,

You can use permission boundary to cater this scenario. A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

Thanks, Gautam

profile pictureAWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions