
I have an AWS account used by different people.

I want to give access to IAM Users in the IAM User Group Developer to only the resources they created. They should be able to create any resources and read and write all the resources they created.

So, when you are logged in as IAM User A, part of IAM User Group Developer, you can read and edit all the resources IAM User A has created since the beginning. Also, you will be able to create any other resources.

I prefer to avoid using AWS Organisations. Moreover, there are resources shared across the account. There is already an Admin role and a ReadOnly role for these resources.

One solution would be to ask developers to use their AWS Accounts and permit them to access the main one with IAM Roles. However, I would like your help with a solution using only one AWS Account.

Adrien Kaczmarek
  • That is generally not possible. AWS resources do not belong to user entities; they belong to the account. – luk2302 Feb 06 '23 at 09:18
  • Thank you for your answer. A second solution would be to use a tag for resources with the value being the IAM User entity and then give permissions based on this tag. I didn't mention this solution initially because I believe it is more of a trick than a solution. – Adrien Kaczmarek Feb 06 '23 at 09:54
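The tag-based approach raised in the comments, worked out as an added example (not code from the question, the commenters or AWS): a group policy in which every created resource must carry an `owner` tag equal to `${aws:username}`, existing resources are manageable only when that tag names the caller, and the tag itself cannot be edited or removed after creation. The `owner` key and the EC2 action subset are assumptions; `is_allowed` is a small local approximation of IAM evaluation for the three condition operators the policy uses, so the rules can be checked offline.

```python
import json
OWNER_TAG = "owner"  # assumed tag key; any key works as long as every statement uses the same one

def developer_policy(owner_tag=OWNER_TAG):
    """ABAC policy for the Developer group; the EC2 actions are a hypothetical subset, add your services."""
    me = "${aws:username}"
    return {"Version": "2012-10-17", "Statement": [
        # Create succeeds only when the request itself tags the new resource with the caller's name.
        {"Sid": "CreateOnlyIfTaggedAsOwner", "Effect": "Allow", "Resource": "*",
         "Action": ["ec2:RunInstances", "ec2:CreateVolume"],
         "Condition": {"StringEquals": {f"aws:RequestTag/{owner_tag}": me}}},
        # Tag-on-create goes through ec2:CreateTags; allow it only as part of those create calls.
        {"Sid": "TagOnCreateOnly", "Effect": "Allow", "Resource": "*", "Action": "ec2:CreateTags",
         "Condition": {"StringEquals": {"ec2:CreateAction": ["RunInstances", "CreateVolume"],
                                        f"aws:RequestTag/{owner_tag}": me}}},
        # Read/write on existing resources only when their owner tag names the caller.
        {"Sid": "ManageOwnResources", "Effect": "Allow", "Resource": "*", "Action": "ec2:*",
         "Condition": {"StringEquals": {f"aws:ResourceTag/{owner_tag}": me}}},
        # Explicit deny wins: the owner tag may not be edited or stripped outside a create call,
        # otherwise a user could hand a resource to someone else or orphan it.
        {"Sid": "DenyOwnerTagChanges", "Effect": "Deny", "Resource": "*",
         "Action": ["ec2:CreateTags", "ec2:DeleteTags"],
         "Condition": {"ForAnyValue:StringEquals": {"aws:TagKeys": [owner_tag]},
                       "Null": {"ec2:CreateAction": "true"}}},
    ]}

def _holds(op, have, want, username):
    """One condition test: `have` is the request-context value, `want` the policy value(s)."""
    want = [w.replace("${aws:username}", username) for w in (want if isinstance(want, list) else [want])]
    if op == "Null":  # "true" means the context key must be absent
        return (have is None) == (want == ["true"])
    if op == "StringEquals":
        return have in want
    if op == "ForAnyValue:StringEquals":  # multi-valued key such as aws:TagKeys
        return any(h in want for h in (have or []))
    raise ValueError(f"unsupported operator {op}")

def is_allowed(policy, action, username, request_tags=None, resource_tags=None, create_action=None):
    """Local approximation of IAM evaluation for the operators above: an explicit Deny wins, else any Allow."""
    ctx = {"ec2:CreateAction": create_action, "aws:TagKeys": list(request_tags or {})}
    ctx.update({f"aws:RequestTag/{k}": v for k, v in (request_tags or {}).items()})
    ctx.update({f"aws:ResourceTag/{k}": v for k, v in (resource_tags or {}).items()})
    def matches(stmt):
        acts = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(action == a or (a.endswith("*") and action.startswith(a[:-1])) for a in acts):
            return False
        return all(_holds(op, ctx.get(key), want, username)
                   for op, pairs in stmt.get("Condition", {}).items() for key, want in pairs.items())
    verdicts = {s["Effect"] for s in policy["Statement"] if matches(s)}
    return "Deny" not in verdicts and "Allow" in verdicts
if __name__ == "__main__": print(json.dumps(developer_policy(), indent=2))  # attach as the group's policy
```

Describe*/List* calls carry no resource tags, so the `aws:ResourceTag` condition rejects them; listing needs a separate unconditional read statement, which the account's existing ReadOnly role already provides. Resources created outside this policy, or tagged before it was attached, are unreachable for the group until an admin sets the owner tag.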

0 Answers