新创建的 AWS 成员账户缺少 IAM 角色
[英]Newly created AWS member account is missing IAM role
问题描述
I just created a new account in my organization and I provided a custom IAM role.
我刚刚在我的组织中创建了一个新账户,并提供了一个自定义 IAM 角色。 The problem is that I can't find the role in IAM, I remember then name and in any case there are few roles there so I can check.问题是我在 IAM 中找不到角色,我记得当时的名字,无论如何那里的角色很少,所以我可以检查一下。 I double checked in cloud trail the IAM role name, and I search for it in IAM and I still can't find it.我在云跟踪中仔细检查了 IAM 角色名称,并在 IAM 中搜索它,但仍然找不到。 Is there something I'm missing or some workaround?有什么我遗漏的东西或一些解决方法吗?
Background: According to the documentation :背景:根据文档:
How can I access an AWS account that was created in my organization?
As part of AWS account creation, AWS Organizations creates an IAM role with full administrative permissions in the new account.
Update:更新:
The steps of the link below also helped me understand the issue https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html以下链接的步骤也帮助我理解了问题https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
1 个解决方案
解决方案1
3 已采纳 2020-08-14 11:12:57
As per the documentation, the role is created in the New account.根据文档,该角色是在新帐户中创建的。 You can assumeRole by sts service to the role from the master account, so this is the reason you cannot find the role in your account.您可以通过sts服务将角色从主帐户中的角色assumeRole ,因此这就是您在帐户中找不到角色的原因。
You first assumeRole and then you can do the administrative job for the new account.您首先assumeRole ,然后您可以为新帐户执行管理工作。 You can log in through this link with your role and account.您可以使用您的角色和帐户通过此链接登录。
https://signin.aws.amazon.com/switchrole?roleName=<roleName>&account=<newAccountId>
Be aware that you should be logged in to your master account first.请注意,您应该首先登录到您的主帐户。 Replace <roleName> and 12-digits <newAccountId> for yours.将<roleName>和 12 位<newAccountId>替换为您的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.