Changing permissions for an IAM user (part 1)

 





To read part 2, please click here






View User Access

If you want to change the permissions for a user, you must review its recent service-level activity before doing anything as it will prevent you to delete access from a principal (person or application) who is still using it.

Generate a Policy based on a User's Access Activity

An IAM policy can be easily generated according to access activity of an entity to refine your granted permissions. A policy template is generated containing all the permissions used by the entity in your specified data range (based on the IAM Access Analyzer reviews on your AWS CloudTrail logs), that can be used to create a managed policy with fine-grained permissions and attach it to an IAM entity. This allows you to only permit the AWS resources that the user or role needs to interact with for a particular use case.

Adding Permissions to a User (console)

The following ways can help in adding permission policies to a user, but, if the user already has a permission boundary, then, more permissions cannot be added beyond the specified limit.

Adding permissions by adding user to a group

  1. First of all, sign-in to the AWS Management Console and open the IAM console at https:// console.aws.amazon.com/iam/.
  2. Now select Users in the navigation pane.
  3. Review the current group memberships of the users in the Group column of the console and add the column to the users table if necessary.
  4. Select the user name whose permissions you want to modify.
  5. Now you can click the Permissions tab, Add permissions, and then Add user to the group.
  6. Select all the groups that you want the user to join through a list containing each group's name and policies that will be offered to the user if they join.
  7. You can also select Create group if you want to define a new group. (optional)
  8. Now you can select Next: Review to view the list of group memberships to be added to the user and then Add permissions.
  Adding permissions by copying from another user
  1. As stated above, you have to sign-in to the AWS Management Console firstly, and then open the IAM console at https:// console.aws.amazon.com/iam/.
  2. Now select Users, user name whose permissions are to be modified, and Permissions tab in the navigation pane.
  3. Now you can Add permissions, and then Copy permissions from existing user.
  4. Select the button next to the user whose permissions you want to copy.
  5. Now you can select Next: Review to view the list of changes done to the user and then Add permissions.
Adding permissions by attaching policies directly to the user
  1. Firstly, you have to sign-in to the AWS Management Console, and then open the IAM console at https:// console.aws.amazon.com/iam/.
  2. Now select Users, user name whose permissions are to be modified, and Permissions tab in the navigation pane.
  3. Now you can Add permissions, and then Attach existing policies directly to the user.
  4. Select one or more managed policies that you want to attach to the user. A new managed policy can also be created via Create policy.
  5. Now you can select Next: Review to view the list of policies attaching to the user and then Add permissions.

Setting Permissions boundary for a user

  1. Sign-in to the AWS Management Console, and then open the IAM console at https:// console.aws.amazon.com/iam/.
  2. Now select Users in the navigation pane.
  3. Choose the user name whose permissions boundary is to be changed.
  4. Now you can select the Permissions tab and open permissions boundary section to Set boundary (if required).
  5. Select the policy that will be used for the permissions boundary.
  6. Now you can select Set boundary.






To read part 2, please click here




































Comments

Popular posts from this blog

Deployment (Part 3)

Project Resourcing (Part 2)

Design Planning (Part 3)