...
| Info |
|---|
Account Administrators have full control over which IAM Groups, Roles and Users are allowed to launch Products from the IT@Cornell Portfolio. By default, shib-admin and sso-admin members can launch and of our Portfolio products. |
...
To enable additional IAM Principals to the IT@Cornell Products for your account. (ie. sso-admindevs, shib-devs, shib-dbas, etc...)
- Log in to your Cornell AWS Account
- Make sure you are in the us-east-1 (N. Virginia) Region
- Navigate to the Imported Portfolios section of the AWS Service Catalog Console
- Click the IT@Cornell Portfolio
- Select the "Access" tab
- Click the "Grant access" button
- Select the "IAM Principal" radio button
- Wildcards are now supported for granting access via Principal Names as well, ie. arn:aws:iam:::role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_sso-admin_*
- Select the "Roles" tab
- Search for the desired role to add
- Click the "Grant Access" button
- The IT@Cornell Products are now visible and launch-able in the Products Section for the newly provisioned IAM Principal.
