Is it possible to set up an IAM account for 3rd party to look after the specific resources?

Question

I would like to assign the admin permission for specific resources (EC2, RDS, volumes, snapshot), how to group these resources from administration's perspective? This resource group will also need use some components in my VPC (subnet, routing tables, security groups, ...), is it possible to isolate them from my other services?

Accepted Answer

This is a good resource you can refer

*When third parties require access to your organization's AWS resources, you can use roles to delegate access to them. For example, a third party might provide a service for managing your AWS resources. With IAM roles, you can grant these third parties access eiito your AWS resources without sharing your AWS security credentials. Instead, the third party can access your AWS resources by assuming a role that you create in your AWS account. To learn whether principals in accounts outside of your zone of trust (trusted organization or account) have access to assume your roles, see [What is IAM Access Analyzer](https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html)?.*

**Providing access to AWS accounts owned by third parties** - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html

Also check on **Establishing your best practice AWS environment **- https://aws.amazon.com/organizations/getting-started/best-practices/

Is it possible to set up an IAM account for 3rd party to look after the specific resources?

相關內容