简体   繁体   English

忘记 AWS 组织成员账户 IAM 角色名称

[英]Forgot AWS Organization Member Account IAM role name

After setting up AWS Organizations, I created a member account with a custom IAM role name.设置 AWS Organizations 后,我创建了一个具有自定义 IAM 角色名称的成员账户。 I've now forgotten the role name used and I'm unable to assume role as root into that account.我现在忘记了使用的角色名称,我无法以root身份进入该帐户。 I need to create IAM users in the member account but without the ability to assume role using the custom OrganizationAccountAccessRole it seems I'm unable to.我需要在成员账户中创建 IAM 用户,但无法使用自定义OrganizationAccountAccessRole承担角色,我似乎无法做到。

I've tried getting access by我试过通过

  1. Using the member account root user but it doesn't have permissions to IAM使用成员账户根用户,但它没有 IAM 权限
  2. Signing in to member account using AWS SSO user with IAMFullAccess and AdministratorAccess policies attached to the policy set but user cannot access IAM.使用 AWS SSO 用户登录成员账户, IAMFullAccessAdministratorAccess策略附加到策略集,但用户无法访问 IAM。
  3. Attempting to describe member account using the master account admin user but the role isn't there尝试使用主帐户管理员用户描述成员帐户,但该角色不存在

At this point, I'm thinking the only way out is to recreate the member account.在这一点上,我认为唯一的出路是重新创建会员帐户。 Please tell me there is a better way.请告诉我有更好的方法。


UPDATE: - Found that 1 & 2 didn't work because of a restrictive Service Control Policy (SCP) on the account which didn't include IAM access permissions.更新: - 发现 1 和 2 不起作用,因为帐户上的限制性服务控制策略 (SCP) 不包括 IAM 访问权限。

Based on the comments.根据评论。

The solution was to inspect CloudTrial logs to find the API call used to create the role.解决方案是检查CloudTrial日志以查找用于创建角色的 API 调用。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM