Are you trying to assign an IAM role to an IAM user In IAM?
This guide is for you.
As part of our Server Management Services here at Ibmi Media, we regularly help our Customers to perform AWS related configurations.
In this context, we shall look into steps to assign IAM users to the IAM role.
More information about IAM user?
An AWS user is an entity that is created to represent a person or an application that uses to interact with AWS.
A user in AWS comprises of username and credentials. An IAM user with administrator permissions is not the same thing as the AWS account root user.
How does an IAM user sign in into their account?
In order to sign in to AWS Management Console as an IAM user, you need an account ID, username, and password.
When we create an IAM user in the console, we will be provided with the username and the account sign-in page URL. This URL includes the account ID as below;
However, you can also sign into the account using the below general URL and enter the account ID manually;
For user convenience, the AWS sign-in page uses a browser cookie so that it remembers the IAM username and account details. As a result, when the user accesses any page in AWS Management Console, the console uses the cookie to redirect the user to the account sign-in page.
More information about IAM Role?
An IAM is an IAM entity that defines a set of permissions that grant access to actions and resources in AWS.
It is not associated uniquely to a specific user or group. Instead, trusted entities assume roles, such as IAM users, applications, or AWS services such as EC2.
How to assign a role to a user in IAM?
Here you will see the steps to assign IAM users to an IAM role.
In order to assign an existing IAM role to an AWS Directory Service user or group, the role must have a trust relationship with AWS Directory Service.
Here are the steps below to assign users or groups to an IAM role.
1. First, access the AWS Directory Service console navigation pane, here choose Directories.
2. On the Directories page, choose your directory ID. Then in the Directory details page, select the Application management tab.
3. In the AWS Management Console section, under Delegate console access, choose the IAM role name for the existing IAM role that you want to assign users to. If the role has not yet been created, then create a New Role.
4. On the Selected role page, under Manage users and groups for this role, choose Add.
5. On the Add users and groups to the role page, under Select Active Directory Forest, choose either the AWS Managed Microsoft AD forest (this forest) or the on-premises forest (trusted forest), whichever contains were the accounts that need access to the AWS Management Console.
6. After that, under Specify which users or groups to add, select either ‘Find by user‘ or ‘Find by group‘. Then type the name of the user or group. In the list of possible matches, choose the user or group that you want to add.
7. Finally, choose Add to finish assigning the users and groups to the role.
You can't access users in nested groups within your directory as it is not supported. Because members of the parent group have console access, but members of child groups do not.