awsdocs / aws-single-sign-on-user-guide

The open source version of the AWS Single Sign-On docs. You can submit feedback & requests for changes by submitting issues in this repo or by making proposed changes & submitting a pull request.

Additional permissions required to use the IAM Identity Center console #16

Closed zjt closed 1 year ago

zjt commented 2 years ago

For a user to work with the IAM Identity Center console without errors, additional permissions are required, in addition to the permissions that are documented. Without these additional permissions the console does not load.

                "iam:ListPolicies",
                "access-analyzer:ValidatePolicy",
                "organizations:ListRoots",
                "organizations:ListAccounts",
                "organizations:ListOrganizationalUnitsForParent",
                "organizations:ListAccountsForParent",
                "organizations:DescribeOrganization",
                "organizations:ListChildren",
                "organizations:DescribeAccount",
                "organizations:ListParents",

These additional permissions were determined by CloudTrail analysis and may not be completely least privilege.
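The CloudTrail analysis mentioned above can be sketched as follows. This is an added example, not code from the issue or from AWS. The sample records, the principal ARN, and the helper names (`rec`, `iam_action`, `denied_actions`, `policy_for`) are constructed for illustration.

```python
import json

PRINCIPAL = "arn:aws:sts::111122223333:assumed-role/SsoAdmin/alice"  # constructed
DENIED_CODES = {"AccessDenied", "AccessDeniedException"}

def rec(source, name, error=None, arn=PRINCIPAL):
    """Build a minimal constructed CloudTrail record (real ones carry more fields)."""
    r = {"eventSource": source, "eventName": name, "userIdentity": {"arn": arn}}
    if error:
        r["errorCode"] = error
    return r

# Constructed sample: what a console page load might leave in the trail.
SAMPLE_RECORDS = [
    rec("iam.amazonaws.com", "ListPolicies", "AccessDenied"),
    rec("organizations.amazonaws.com", "ListRoots", "AccessDeniedException"),
    rec("organizations.amazonaws.com", "ListRoots", "AccessDeniedException"),  # repeat
    rec("access-analyzer.amazonaws.com", "ValidatePolicy", "AccessDeniedException"),
    rec("sso.amazonaws.com", "ListInstances"),  # succeeded, already permitted
    rec("iam.amazonaws.com", "DeleteRole", "AccessDenied",
        arn="arn:aws:sts::111122223333:assumed-role/Other/bob"),  # other principal
]

def iam_action(record):
    # Assumption: the IAM service prefix is the first label of eventSource and
    # the action name equals eventName. This fits the services listed in the
    # issue but is not guaranteed for every AWS service, so review the output.
    prefix = record["eventSource"].split(".", 1)[0]
    return f"{prefix}:{record['eventName']}"

def denied_actions(records, principal_arn):
    """Distinct actions the principal was denied, as sorted IAM action strings."""
    return sorted({
        iam_action(r) for r in records
        if r.get("userIdentity", {}).get("arn") == principal_arn
        and r.get("errorCode") in DENIED_CODES
    })

def policy_for(actions):
    # Resource "*" is an assumption; narrow it where an action supports resource ARNs.
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ConsoleAdditions", "Effect": "Allow", "Action": actions, "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(policy_for(denied_actions(SAMPLE_RECORDS, PRINCIPAL)), indent=2))
```

Only denied calls from the one principal are collected, so calls that already succeed and other users' activity do not widen the resulting statement.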

joshbean commented 1 year ago

Closing this issue or pull request in advance of archiving this repo. For more information about the decision to archive this repo (and others in the 'awsdocs' org), see the announcement on the AWS News Blog.