Create an IAM Policy for SSO Users, Groups and Permission Set

Steps to create an IAM Policy

  1. Click Policies in the left-hand menu of the IAM dashboard.

     

  2. Click Create policy and click on the JSON tab.

  3. IAM Policy Creation: Enter the following JSON snippet and click Next: Tags. The following policy allows Zilla to read the SSO Users, Groups and Permission Sets information from your AWS account.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": [
                    "identitystore:Describe*",
                    "identitystore:List*"
                ],
                "Resource": "*"
            }
        ]
    }

     

     

  4. Optionally add tags and click Next: Review.

  5. Review Policy: On the review page, enter the Name (Zilla-SSO-Reader-Policy) and optionally a description for the policy. Review the permissions assigned to the policy and then click Create policy. The policy will look like this:

     

  6. You will see a success message like this:

     

  7. To confirm that the policy is present, you can search for it in the policy search bar. You will see your newly added policy in the list.

     

  8. Click the policy Zilla-SSO-Reader-Policy to double check the assigned permissions. The policy will look like this:

    Click the {} JSON tab to double check the policy JSON.
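
The permission check in step 8 can also be run against the policy JSON itself. The Python below is an added example, not part of the original page or of Zilla's tooling; it assumes the policy should only touch the `identitystore` service and that read-only actions start with Describe, List or Get.

```python
import json

# Policy document copied from step 3 of this page.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": ["identitystore:Describe*", "identitystore:List*"],
      "Resource": "*"
    }
  ]
}
"""
PAGE_POLICY = json.loads(POLICY_JSON)

# Assumptions of this example, not stated on the page:
ALLOWED_SERVICES = {"identitystore"}           # only service the policy may touch
READ_ONLY_PREFIXES = ("describe", "list", "get")  # read-only naming convention


def _as_list(value):
    """IAM allows a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def audit_read_only(policy):
    """Return findings; an empty list means every Allow statement is read-only."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append(f"{sid}: NotAction allows everything not listed")
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if service.lower() not in ALLOWED_SERVICES:
                findings.append(f"{sid}: {action} is outside identitystore")
            elif not name.lower().startswith(READ_ONLY_PREFIXES):
                findings.append(f"{sid}: {action} is not a read-only action")
    return findings


if __name__ == "__main__":
    print(audit_read_only(PAGE_POLICY) or "policy is read-only")
```

Run it again on the JSON shown in the console after any later edit to the policy; a non-empty result means the policy now grants more than read access to the identity store.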

     

...

Now that you have created the policy, the next step is to create a cross-account role.

Create an IAM Role for SSO Users, Groups and Permission Set

Steps to create an IAM Role

...