This document introduces how to use the IAM Identity Center Catalog.
- You can create a PermissionSet for each AWS account registered in IAM Identity Center.
- A PermissionSet can only attach AWS managed IAM policies and customer managed IAM policies; inline policies are not supported.
- You can delegate Owner and Approver permissions for each AWS account.
Note
PermissionSet is created for each AWS account. Registration across multiple AWS accounts is not supported at this time.
Users in the IAM IdC Catalog Owner Group can register AWS accounts under IAM Identity Center management.
- Navigate to the page with the path /catalog/iam-idc-catalog/resource-type/iam-idc-aws-account.
- Click Create.
- Enter the required information.
  - Owner GroupId and Approver GroupId should specify the IDs of groups created in Stamp (groups can be created on the /group page).
- Click Create.
You can create PermissionSets for each registered AWS account using the following method:
- Navigate to the page with the path /catalog/iam-idc-catalog/resource-type/iam-idc-permission.
- Click Create.
- Enter the required information:

| Property | Description |
|---|---|
| Name | Name of the catalog entry. |
| Description | Description of the PermissionSet. |
| Permission Set Name ID | ID that becomes part of the PermissionSet name, as listed in the AWS Access Portal. |
| Session Duration | Session length in ISO 8601 duration format, for example PT8H (eight hours). |
| Managed Policy Names | Names of the AWS managed policies to attach. |
| Custom IAM Policy Names | Names of the customer managed policies to attach. Each policy must already exist under that name in the target AWS account, or provisioning fails. |
| Parent iam-idc-aws-account | The registered AWS account in which the PermissionSet is provisioned. |
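As an added pre-submit check (example code written for this page, not part of Stamp or the catalog), the following Python validates a PermissionSet definition against the properties in the table above. The dictionary keys and the `validate_permission_set` function are assumptions for illustration; the session-duration range of 1 to 12 hours is the limit IAM Identity Center enforces on permission sets, and customer managed policies are referenced by name (not ARN), which is why ARN-shaped names are flagged.

```python
import re

# Added example, not Stamp's own code. The dict keys below are assumed names that
# mirror the properties in the PermissionSet table; adjust them to the real form.
SESSION_RE = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?$")

# IAM Identity Center accepts permission set session lengths of 1 to 12 hours.
MIN_SESSION_MINUTES = 60
MAX_SESSION_MINUTES = 12 * 60


def session_minutes(duration: str):
    """Parse an ISO 8601 duration of the PTnHnM form (e.g. PT8H, PT1H30M) into
    whole minutes. Returns None when the string is not in that form."""
    m = SESSION_RE.fullmatch(duration or "")
    if not m or (m.group(1) is None and m.group(2) is None):
        return None
    hours = int(m.group(1) or 0)
    minutes = int(m.group(2) or 0)
    return hours * 60 + minutes


def validate_permission_set(spec: dict) -> list:
    """Return a list of human-readable problems; an empty list means the spec passes."""
    problems = []

    # Required fields from the table (Description is optional here).
    for key in ("name", "permission_set_name_id", "session_duration", "parent_account"):
        if not spec.get(key):
            problems.append(f"{key} is required")

    # Session Duration must be PT-style and inside the 1h..12h window.
    total = session_minutes(spec.get("session_duration", ""))
    if total is None:
        problems.append("session_duration must look like PT8H")
    elif not MIN_SESSION_MINUTES <= total <= MAX_SESSION_MINUTES:
        problems.append("session_duration must be between PT1H and PT12H")

    # Only AWS managed and customer managed policies can be attached.
    managed = spec.get("managed_policy_names", [])
    custom = spec.get("custom_iam_policy_names", [])
    if not managed and not custom:
        problems.append("attach at least one AWS managed or customer managed policy")
    if "inline_policy" in spec:
        problems.append("inline policies are not supported; use managed or customer managed policies")

    # Customer managed policies are referenced by name, not ARN.
    for name in custom:
        if name.startswith("arn:"):
            problems.append(f"custom policy {name!r} must be a policy name, not an ARN")

    return problems


if __name__ == "__main__":
    # Constructed sample input, not a real catalog entry.
    sample = {
        "name": "ReadOnlyAuditors",
        "permission_set_name_id": "ro-audit",
        "session_duration": "PT8H",
        "parent_account": "example-account",
        "managed_policy_names": ["ReadOnlyAccess"],
    }
    print(validate_permission_set(sample) or "ok")
```

Run the check before filling in the form so that a malformed session duration or an ARN pasted into the customer managed policy field is caught locally rather than at provisioning time.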
You can submit requests using the following method:
- Navigate to the page with the path /catalog/iam-idc-catalog/approval-flow/iam-idc-permission-request/submit.
- Enter the details.
- Click Request.
The requester or a member of the Approver Group can revoke the request from the request page.
