Create an IAM Policy for SSO Users, Groups and Permission Set
Steps to create an IAM Policy
Click on Policies on the left hand side menu of the IAM dashboard.
Click
Create policy
and click on theJSON
tab.IAM Policy Creation: Enter the following
json
snippet and clickNext: Tags
. The following policy allows Zilla to read the SSO Users, Groups and Permission Sets information from your AWS accountCode Block { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "identitystore:Describe*", "identitystore:List*" ], "Resource": "*" } ] }
Optionally add tags and click
Next: Review
.Review Policy: On the review page, enter the Name (
Zilla-SSO-Reader-Policy
) and optionally a description for the policy. Review the permissions assigned to the policy and then clickCreate policy
. The policy will look like this:You will see a success message like this:
To confirm that the policy is present, you can search for it in the policy search bar. You will see your newly added policy in the list.
Click the policy
Zilla-SSO-Reader-Policy
to double check the assigned permissions. The policy will look like this:Click on the
{} JSON
tab to double check the policy json.
...
Now that you have created the policy, the next step is to create a cross account Role.
Create an IAM Role for SSO Users, Groups and Permission Set
Steps to create an IAM Role
...