[英]Forgot AWS Organization Member Account IAM role name
After setting up AWS Organizations, I created a member account with a custom IAM role name.设置 AWS Organizations 后,我创建了一个具有自定义 IAM 角色名称的成员账户。 I've now forgotten the role name used and I'm unable to assume role as root into that account.我现在忘记了使用的角色名称,我无法以root身份进入该帐户。 I need to create IAM users in the member account but without the ability to assume role using the custom OrganizationAccountAccessRole
it seems I'm unable to.我需要在成员账户中创建 IAM 用户,但无法使用自定义OrganizationAccountAccessRole
承担角色,我似乎无法做到。
I've tried getting access by我试过通过
IAMFullAccess
and AdministratorAccess
policies attached to the policy set but user cannot access IAM.使用 AWS SSO 用户登录成员账户, IAMFullAccess
和AdministratorAccess
策略附加到策略集,但用户无法访问 IAM。At this point, I'm thinking the only way out is to recreate the member account.在这一点上,我认为唯一的出路是重新创建会员帐户。 Please tell me there is a better way.请告诉我有更好的方法。
UPDATE: - Found that 1 & 2 didn't work because of a restrictive Service Control Policy (SCP) on the account which didn't include IAM access permissions.更新: - 发现 1 和 2 不起作用,因为帐户上的限制性服务控制策略 (SCP) 不包括 IAM 访问权限。
Based on the comments.根据评论。
The solution was to inspect CloudTrial
logs to find the API call used to create the role.解决方案是检查CloudTrial
日志以查找用于创建角色的 API 调用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.