Manage User Accounts
Groups and Permissions
In IAM Identity Center, AWS accounts, permissions and groups are managed through Terraform. To change any of these entities, update the Terraform code and apply the changes.
Below are the default groups created with IAM Identity Center deployment.
| Group | Description |
|---|---|
| AdministratorAccess | This group has administrative access to all accounts in the organization. Assign this group only to users who actually need this level of permission. |
| Developer | This group has read-only access to project accounts and read-write access to sandbox-* accounts. This group should be sufficient for most use cases. |
| Security | This group is for security personnel who want to audit the AWS accounts. |
| Billing | This group is for finance personnel who need to read billing information. |
Add User Accounts
User accounts are created, removed and added to groups manually from the IAM Identity Center console.
- To add a user, go to Users and click Add user.
- Use the user's email address as the Username, fill in the other details and click Next.
- In the Groups section, select Developer and any other groups required by the user's role in the organization.
About Developer Group
The Developer group has read-only access to project accounts and read-write access to sandbox-* accounts.
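As an added illustration of how the Terraform-managed groups and permissions described above can express the Developer group's access model, the following is example code and not this project's own Terraform. It uses the Terraform AWS provider's IAM Identity Center resources; the account IDs, the `project_accounts`/`sandbox_accounts` maps and the choice of PowerUserAccess as the read-write policy for sandbox-* accounts are assumptions.

```hcl
data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
  # Placeholder account IDs (assumed); replace with the organization's own.
  project_accounts = { "project-a" = "111111111111", "project-b" = "222222222222" }
  sandbox_accounts = { "sandbox-dev" = "333333333333" }
  # ro = read-only on project accounts, rw = read-write on sandbox-* accounts.
  # PowerUserAccess is an assumed choice; it still denies IAM changes.
  developer_policies = { ro = "ReadOnlyAccess", rw = "PowerUserAccess" }
}

resource "aws_identitystore_group" "developer" {
  identity_store_id = local.identity_store_id
  display_name      = "Developer"
  description       = "Read-only on project accounts, read-write on sandbox-* accounts"
}

# One permission set per access level, each with a single AWS managed policy.
resource "aws_ssoadmin_permission_set" "developer" {
  for_each     = local.developer_policies
  name         = "Developer-${each.key}"
  instance_arn = local.instance_arn
}

resource "aws_ssoadmin_managed_policy_attachment" "developer" {
  for_each           = local.developer_policies
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.developer[each.key].arn
  managed_policy_arn = "arn:aws:iam::aws:policy/${each.value}"
}

# Assign the group: the ro set to every project account, the rw set to every sandbox-* account.
resource "aws_ssoadmin_account_assignment" "developer" {
  for_each = merge(
    { for k, v in local.project_accounts : k => { set = "ro", account = v } },
    { for k, v in local.sandbox_accounts : k => { set = "rw", account = v } },
  )
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.developer[each.value.set].arn
  principal_id       = aws_identitystore_group.developer.group_id
  principal_type     = "GROUP"
  target_id          = each.value.account
  target_type        = "AWS_ACCOUNT"
}
```

Because the group is the principal of every assignment, adding a user to Developer in the console is the only per-user step; `terraform plan` will show any drift if someone grants access outside of code.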