79788037

Date: 2025-10-11 13:32:59
Score: 1

I assume you are using AWS Organizations.

One way to achieve this is to combine it with IAM Identity Center.

This is AWS's preferred way to grant permissions to human users. IAM Identity Center is a centralized place where you can grant users permissions to accounts and resources.
https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html

On your management account IAM Identity Center console you can:

  1. Create a group -> Dev

  2. Assign users to this group -> Ben

  3. Assign accounts -> Dev account
     (Image: assigning accounts to IAM Identity Center groups.)

  4. Assign a permission set -> Admin Role
     (Image: assigning permission sets to AWS accounts.)

IAM Identity Center configures users through Identity Providers. If you don't have one, AWS has its own Identity Provider for that. You can configure the identity source under Settings -> Identity Source.

Once the users log in, they will be presented with the roles they can assume for each account:

(Image: what IAM Identity Center users see after logging in to AWS.)

This approach is interesting because users can assume different roles depending on the account, or even have the possibility to assume different roles in the same account.

You won't need to set the same Admin Role in all the accounts. This is going to be configured only on your management account.

This is where you can configure these permissions:

(Image: where to configure multi-account permissions for AWS Organizations.)

Posted by: Fagner Fonseca
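The same four console steps expressed as infrastructure-as-code, as an added example that is not part of the original answer. It assumes Terraform with the AWS provider run against the management account, a `dev_account_id` variable holding the Dev account ID (placeholder), and a constructed sample user named Ben.

```hcl
variable "dev_account_id" { type = string } # placeholder: your Dev account ID
# Look up the IAM Identity Center instance in the management account.
data "aws_ssoadmin_instances" "this" {}
locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
}

# Step 1: create the Dev group.
resource "aws_identitystore_group" "dev" {
  identity_store_id = local.identity_store_id
  display_name      = "Dev"
}

# Step 2: the user Ben (constructed sample user) and his membership in Dev.
resource "aws_identitystore_user" "ben" {
  identity_store_id = local.identity_store_id
  user_name         = "ben"
  display_name      = "Ben"
  name {
    given_name  = "Ben"
    family_name = "Example"
  }
}
resource "aws_identitystore_group_membership" "ben_dev" {
  identity_store_id = local.identity_store_id
  group_id          = aws_identitystore_group.dev.group_id
  member_id         = aws_identitystore_user.ben.user_id
}

# Step 4: the "Admin Role" permission set, backed by the AWS-managed AdministratorAccess policy.
resource "aws_ssoadmin_permission_set" "admin" {
  name             = "AdminRole"
  instance_arn     = local.instance_arn
  session_duration = "PT4H" # keep admin sessions short
}
resource "aws_ssoadmin_managed_policy_attachment" "admin" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.admin.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

# Steps 3 and 4: grant the Dev group that permission set in the Dev account only.
resource "aws_ssoadmin_account_assignment" "dev_admin" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.admin.arn
  principal_id       = aws_identitystore_group.dev.group_id
  principal_type     = "GROUP"
  target_id          = var.dev_account_id
  target_type        = "AWS_ACCOUNT"
}
```

Adding a second `aws_ssoadmin_account_assignment` with a different account or permission set is how the same group gets different roles in different accounts, without creating any IAM role in the member accounts yourself.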