I am logged into the AWS Management Console as the Root User. In the IAM Identity Center, I created an AWS account "Stevoisiak" which I plan to use as my primary account. I then created a permission set "AdministratorAccess" so I can give said AWS user full access to AWS services. However, I cannot figure out how to provision this permission set to my AWS account.
If I open the permission set's accounts tab, AWS says I can update the permission set in one or more accounts, but searching my username returns 0 results, making me think this is only applicable once it's already been provisioned to an account. If I go to my AWS account, I can see a different permission set that's been applied, but I don't see a way to add a new permission set. There is a prompt saying I can reset my permission policies in IAM, but I'm already in the IAM Identity Center. The "Learn more" option explains how to create and manage permission sets, but does not say how to assign one to an AWS account.
How do I assign/provision a permission set to an AWS Account in IAM?
I think you can't assign a permission set to an account; instead, you create permission sets and assign users/groups to them. Then, you give access/assign users/groups to AWS accounts.
First, verify that you can see your user created in IAM Identity Center. I have created one user named "pachispachis". I suggest you add it to a user group for administrators.
After that, head over to Permission sets (under Multi-account permissions) and verify there is an administrator access permission set created. After that, head over to AWS accounts (under Multi-account permissions), SELECT the AWS account you are giving access to, and click on "Assign users or groups".
After that, it will ask you to select users and groups to give access to the account. Add the user or the group where your user is (in case you added your user to a group). You will then be asked to select the permission sets associated with that user/group.
Go ahead and review and submit it. It might take a few minutes for your user to get access to the account (see it in the AWS access portal). Verify the user has access under the "Users" section (in IAM Identity Center).
Let me know if that works and/or if other issues occur.
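The console steps in the answer above map to the `sso-admin` and `identitystore` commands of the AWS CLI. The script below is an added example, not part of the original question or answer. It assumes AWS CLI v2 with credentials allowed to manage IAM Identity Center, a single Identity Center instance, and a placeholder account id (111122223333).

```bash
#!/usr/bin/env bash
# Added example: CLI equivalent of "Assign users or groups" for one account.
# Assumes AWS CLI v2 and credentials permitted to call sso-admin/identitystore.

# Print the ARN of the permission set named $2 in Identity Center instance $1.
find_permission_set_arn() {
  local instance_arn="$1" wanted="$2" arn name
  for arn in $(aws sso-admin list-permission-sets --instance-arn "$instance_arn" \
                 --query 'PermissionSets[]' --output text); do
    name=$(aws sso-admin describe-permission-set --instance-arn "$instance_arn" \
             --permission-set-arn "$arn" --query 'PermissionSet.Name' --output text)
    if [ "$name" = "$wanted" ]; then printf '%s\n' "$arn"; return 0; fi
  done
  echo "permission set '$wanted' not found" >&2
  return 1
}

# Usage: assign_permission_set ACCOUNT_ID USER_NAME PERMISSION_SET_NAME
assign_permission_set() {
  local account_id="$1" user_name="$2" ps_name="$3"
  local instance_arn store_id user_id ps_arn
  case "$account_id" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "account id must be 12 digits" >&2; return 2 ;;
  esac
  instance_arn=$(aws sso-admin list-instances \
    --query 'Instances[0].InstanceArn' --output text) || return 1
  store_id=$(aws sso-admin list-instances \
    --query 'Instances[0].IdentityStoreId' --output text) || return 1
  # Resolve the Identity Center user name to its identity store user id.
  user_id=$(aws identitystore list-users --identity-store-id "$store_id" \
    --filters "AttributePath=UserName,AttributeValue=$user_name" \
    --query 'Users[0].UserId' --output text) || return 1
  if [ -z "$user_id" ] || [ "$user_id" = "None" ]; then
    echo "user '$user_name' not found in the identity store" >&2; return 1
  fi
  ps_arn=$(find_permission_set_arn "$instance_arn" "$ps_name") || return 1
  # Assignment is asynchronous; this prints the initial request status.
  aws sso-admin create-account-assignment --instance-arn "$instance_arn" \
    --target-type AWS_ACCOUNT --target-id "$account_id" \
    --permission-set-arn "$ps_arn" \
    --principal-type USER --principal-id "$user_id" \
    --query 'AccountAssignmentCreationStatus.Status' --output text
}

# Runs only when called with three arguments, e.g. (placeholder account id):
#   ./assign.sh 111122223333 Stevoisiak AdministratorAccess
if [ "$#" -eq 3 ]; then assign_permission_set "$@"; fi
```

To assign the administrators group suggested in the answer instead of a single user, look up the group id with `aws identitystore list-groups` and pass `--principal-type GROUP`. `aws sso-admin list-account-assignments` shows which principals hold a permission set in an account once provisioning finishes.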