How do I control what a federated user is allowed to do when signed in to the console?

1 Answer


When you request temporary security credentials for your federated user using an AssumeRole API, you can optionally include an access policy with the request. The federated user’s privileges are the intersection of permissions granted by the access policy passed with the request and the access policy attached to the IAM role that was assumed. The access policy passed with the request cannot elevate the privileges associated with the IAM role being assumed.

When you request temporary security credentials for your federated user using the GetFederationToken API, you must provide an access control policy with the request. The federated user’s privileges are the intersection of the permissions granted by the access policy passed with the request and the access policy attached to the IAM user that was used to make the request. The access policy passed with the request cannot elevate the privileges associated with the IAM user used to make the request.

These federated user permissions apply to both API access and actions taken within the AWS Management Console.
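An added illustration, not part of the original answer: a simplified Python model of the intersection rule described above, useful for checking a policy passed with the request before issuing credentials. It covers only Allow/Deny statements with wildcard Action and Resource matching and is not AWS's full policy evaluation logic; the policy documents, bucket names and function names are constructed for this example.

```python
import fnmatch

# Constructed sample policies (bucket and prefix names are made up).
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-reports/*"}]}
SESSION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-reports/team-a/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(policy, effect, action, resource):
    """True if any statement with this Effect covers the action and resource."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != effect:
            continue
        # Action names are compared case-insensitively; "*" matches any run of characters.
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt.get("Action", [])))
        resource_hit = any(fnmatch.fnmatchcase(resource, r)
                           for r in _as_list(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            return True
    return False

def federated_user_allowed(identity_policy, session_policy, action, resource):
    """identity_policy: policy on the assumed role (or on the requesting IAM user).
    session_policy: policy passed with the request; None models omitting it on AssumeRole."""
    policies = [identity_policy] + ([session_policy] if session_policy is not None else [])
    # An explicit Deny in either policy wins.
    if any(_matches(p, "Deny", action, resource) for p in policies):
        return False
    # Otherwise every policy in play must allow the request: the intersection.
    return all(_matches(p, "Allow", action, resource) for p in policies)

def demo():
    obj = "arn:aws:s3:::example-reports/team-a/q1.csv"
    other = "arn:aws:s3:::example-reports/team-b/q1.csv"
    check = lambda a, r: federated_user_allowed(ROLE_POLICY, SESSION_POLICY, a, r)
    return {"get_team_a": check("s3:GetObject", obj),        # allowed by both policies
            "put_team_a": check("s3:PutObject", obj),        # role only
            "delete_team_a": check("s3:DeleteObject", obj),  # passed policy only: no elevation
            "get_team_b": check("s3:GetObject", other)}      # outside the passed policy's resource

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(name, allowed)
```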
