
User Permission management across multiple AWS Accounts

0

Suppose there are 4 different AWS accounts, let's say the accounts are aws1, aws2, aws3, aws4, aws5.

aws1 is kind of a parent account through which all other accounts are managed, with AWS Organizations and SSO set up in aws1. Also, if we need to give permission to any user for any AWS resources in any AWS account, then we do it from the aws1 account only. So it's kind of hectic managing permissions for each and every user from the aws1 account for all other AWS accounts.

Is there a way we can streamline these user permissions across different AWS accounts more efficiently?

Thanks in advance!

3 Answers
1

I am not exactly sure what your requirement is.

  1. We have the option to delegate administration of users in a registered member account, e.g. aws2, to perform most IAM Identity Center (previously called SSO) administrative tasks. Please see the doc at https://docs.aws.amazon.com/singlesignon/latest/userguide/delegated-admin.html

  2. Do you also want to allow member accounts to administer their own users and groups? If this is the requirement, they can continue to do that in their respective AWS accounts using IAM.

AWS
answered 2 years ago
  • As per your answer, I understand that aws1 is the delegated administrator account in my case. So my question is: how can I manage permissions for different users across different accounts from one account? Currently AWS Organizations is set up in aws1 and SSO is also enabled in aws1. To give permissions to any user we have to log in to aws1.

  • For your case, aws1 will be the delegated administrator account; this will be used to manage access to all other AWS accounts that are part of the AWS organization. Do you want more AWS accounts to be used instead of just aws1?

  • For your case, aws1 will be the management account; this is used to manage access to all other AWS accounts that are part of the AWS organization. You can also delegate another AWS account, e.g. aws2.

0

Based on your background description, I think the AWS Control Tower service will be beneficial to your multi-account management; please refer to the relevant service introduction: https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html. At the same time, the AWS ProServe team can provide the solution deployment and help the customer quickly build the environment.

AWS
answered 2 years ago
0

Will cross-account roles be helpful in my scenario?

answered 2 years ago