...
1. In the left-hand menu of the IAM dashboard, click Policies.
2. Click Create policy and open the JSON tab.
3. IAM Policy Creation: enter the following JSON snippet and click Next: Tags. The policy allows Zilla to read the SSO users, groups and permission set information from your AWS account:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "identitystore:Describe*",
        "identitystore:List*"
      ],
      "Resource": "*"
    }
  ]
}
```

Both actions are read-only wildcards (Describe* and List*), so the policy cannot create, modify or delete anything in the Identity Store. Note that the identitystore namespace covers users, groups and group memberships; permission sets are served by the IAM Identity Center admin API (sso: actions), which this snippet does not grant.
4. Optionally add tags and click Next: Review.
5. Review Policy: on the review page, enter the Name (Zilla-SSO-Reader-Policy) and optionally a description for the policy. Review the permissions assigned to the policy, then click Create policy. A success message confirms that the policy was created.
6. To confirm that the policy is present, search for it in the policy search bar. Your newly added policy appears in the list.
7. Click Zilla-SSO-Reader-Policy to double-check the assigned permissions, then click the {} JSON tab to double-check that the policy JSON matches the snippet entered above.
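The same policy can be created and verified from a terminal instead of the console. The script below is an added example and is not part of Zilla's documentation; it assumes AWS CLI v2 is installed and configured with credentials permitted to call iam:CreatePolicy, iam:GetPolicy and iam:GetPolicyVersion. The function names, the temporary file path and the check_policy_readonly guard (which refuses any action that is not an identitystore Describe*/List* wildcard, so that a later edit cannot quietly turn the reader policy into a writer policy) are this example's own choices.

```shell
#!/bin/sh
# Added example (not Zilla's own tooling): create Zilla-SSO-Reader-Policy with
# the AWS CLI and read back the stored document, the CLI equivalent of the
# console steps above. Assumes AWS CLI v2 with credentials that may call
# iam:CreatePolicy / iam:GetPolicy / iam:GetPolicyVersion.
set -eu

POLICY_NAME="Zilla-SSO-Reader-Policy"
POLICY_FILE="${TMPDIR:-/tmp}/zilla-sso-reader-policy.json"   # assumed path

# Write the same policy document the console steps enter on the JSON tab and
# print its path.
write_policy_document() {
  cat > "$POLICY_FILE" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "identitystore:Describe*",
        "identitystore:List*"
      ],
      "Resource": "*"
    }
  ]
}
EOF
  printf '%s\n' "$POLICY_FILE"
}

# Guard against accidental edits: return 0 only if every "service:Action"
# string in the file is a read-only identitystore Describe*/List* wildcard.
check_policy_readonly() {
  file="$1"
  rc=0
  set -f   # keep the shell from globbing the literal '*' in action names
  for action in $(grep -o '"[a-z0-9-][a-z0-9-]*:[A-Za-z0-9*][A-Za-z0-9*]*"' "$file" | tr -d '"'); do
    case "$action" in
      identitystore:Describe*|identitystore:List*) ;;
      *) echo "non-read-only action in $file: $action" >&2; rc=1 ;;
    esac
  done
  set +f
  return $rc
}

# Create the customer-managed policy and print its ARN. Needs AWS credentials.
create_policy() {
  aws iam create-policy \
    --policy-name "$POLICY_NAME" \
    --policy-document "file://$1" \
    --description "Allows Zilla to read Identity Store users and groups" \
    --query 'Policy.Arn' --output text
}

# Read back the stored document for the default version, the CLI equivalent
# of double-checking the {} JSON tab in the console.
show_policy_document() {
  arn="$1"
  version=$(aws iam get-policy --policy-arn "$arn" \
    --query 'Policy.DefaultVersionId' --output text)
  aws iam get-policy-version --policy-arn "$arn" --version-id "$version" \
    --query 'PolicyVersion.Document' --output json
}

# Usage: sh create-zilla-sso-reader-policy.sh create
if [ "${1:-}" = "create" ]; then
  doc=$(write_policy_document)
  check_policy_readonly "$doc"
  arn=$(create_policy "$doc")
  echo "Created $arn"
  show_policy_document "$arn"
fi
```

Running the script with the `create` argument writes the document, refuses to proceed if it contains any non-read-only action, creates the policy and prints the JSON that IAM actually stored so it can be compared with the snippet above.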
...
Now that you have created the policy, the next step is to create a cross-account role.
...