Allowing multiple users to maintain AWS infrastructure
I am trying to build OUs and member accounts so that I can allow team members to maintain the services hosted on AWS. For example, I will have users in database account to maintain rds, users in sysadmin account to maintain the EC2/EFS, and users in the developer account to maintain lambda etc. However, users in these accounts are not able to share the same services they created. That is, when the database users login to AWS, they do not see the EC2/EFS created by the sysadmin. And the sysadmin users do not see the lambda created by the developers. I suppose the purpose of having different accounts is to allow each account to host their services separately and therefore billed seperately. So should I have all these users (database, sysadmin, developer) in one account so that they can share to maintain the services and infrastructure?
- Newest
- Most votes
- Most comments
Hi,
Of course you can different users who has permissions to different AWS services.
let's say, you have number of users in AWS. Create permissions set in IAM as database, sysadmin, developer. https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#howtodelegatessoaccess
Now attach the IAM policies to the permission set
databasepermission set -->AmazonRDSFullAccesssysadminpermission set -->AmazonEC2FullAccess/AmazonElasticFileSystemFullAccessdeveloperpermission set -->AWSLambda_FullAccess
Now start creating the IAM users in IAM identity center and map the above permission sets to them
Relevant content
- Accepted Answerasked 4 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 months ago
