How do I provision a permission set to an AWS account in IAM Identity Center?
I am logged into the AWS Management Console as the Root User. In the IAM Identity Center, I created an AWS account "Stevoisiak" which I plan to use as my primary account. I then created a permission set "AdministratorAccess" so I can give said AWS user full access to AWS services. However, I cannot figure out how to provision this permission set to my AWS account.
If I open the permission set's accounts tab, AWS says I can update the permission set in one or more accounts, but searching my username returns 0 results, making me think this is only applicable once it's already been provisioned to an account. If I go to my AWS account, I can see a different permission set that's been applied, but I don't see a way to add a new permission set. There is a prompt saying I can reset my permission policies in IAM, but I'm already in the IAM Identity Center. The "Learn more" option explains how to create and manage permissions sets, but does not say how to assign one to an AWS account.
How do I assign/provision a permission set to an AWS Account in IAM?
I think you can't assign a permission set to an account, instead, you create permissions sets and assign users/groups to it. Then, you give access/assign users groups to aws accounts.
First, verify that you can see your user created in IAM identity center. I have created one user named "pachispachis". I suggest you add it to an user group for administrators.
After that, head over to permission sets (under Multi-account permissions), verify there is an administrator access permission set created. After that, head over to AWS accounts (under multi-account permissions) and SELECT the AWS account you are giving access to, and click on "Assign users or groups".
After that, it will ask you to select users and groups to give access to the account, you add the user or the group where you user is (in case you added your user to a group). You will then be asked to select the permissions sets associated to that user/group:
Go ahead and review and submit it. It might take a few minutes for your user to get access to the account (see it in the aws portal access). Verify the user has access under "Users" section (in IAM identity center).
Let me know if that works and/or if other issues ocurr.
- AWS CLI Create Default VPC
- Email address is not verified (AWS SES)
- RDS Proxy: PENDING_PROXY_CAPACITY and "DBProxy Target unavailable due to an internal error"
- mTLS on AWS ALBs across multiple regions
- How to debug a aws lambda function?
- AWS SAM retrieve secret value from Secret Manager with dynamic referencing
- Cloudfront redirect when signed cookies not present
- Is there a wildcard character in AWS EventBridge rules?
- Laravel file upload s3 Multipart
- Increase EC2 disk storage without losing any data
- AWS Lambda triggers SES in VPC
- Setting HTTP Headers with Lambda@Edge
- How to find an Amazon EC2 AMI if I only have the id?
- AWS Lambda - Can't set memory larger than 3008 MB
- Which one is the cheapest to use AWS RDS or my own database?
- AWS Glue Please verify role's TrustPolicy
- How to create event bus events with source 'aws.'?
- Terraform and AWS: No Configuration Files Found Error
- How to transfer the packets through NAT gateway instead of public IP?
- Is Aws well architected framework supports API's?
- Can't delete AWS internet Gateway
- Unable to Trigger Lambda function in AWS using Python code from my local setup
- How to login with AWS CLI using credentials profiles
- How to retrieve multiple endpoints using data "aws_vpc_endpoint" resource?
- When pushing to ECS, Docker image errors out with module not found error
- Is there a way to drop file extensions when using AWS CLI with --recursive?
- On-demand self-hosted AWS EC2 runner for GitHub Actions
- How to manage dev and prod environments in a SAM project with CloudFormation Stacks, API Gateway, Lambda, and other AWS services?
- EC2 Instance error telling me multiple IAM Roles are attached when I try to change it...?
- (NoSuchVersion) when calling the GetObject operation: The specified version does not exist