Overview of group permissions
We create three groups in Azure AD for every AWS account. Adding users to these groups grants them permissions in your account. The group names follow a naming standard built from your account name, and account owners are given permission to update these groups. You can also use IAM policies to apply more granular permissions to resources and users.
- AWS_UIC_<your account name>_read - Can view objects in your account
- AWS_UIC_<your account name>_power - Can view and modify resources in your account
- AWS_UIC_<your account name>_admin - Has full control over your account, and can also view account billing information
Managing your groups
You can use the Azure AD group tool to manage groups in Azure AD. You can access the tool here: https://myaccount.microsoft.com/groups/groups-i-belong-to
After you log in to the group tool, click the arrow to the left of "My Apps" and open the "My Groups" menu item.
Adding users to groups
Search for one of the groups that controls access to your account. It will be of the form AWS_UIC_<your account name>_<read|power|admin>.
Next, click the plus sign to add members.
Then search for the group member you want to add and click the "Add" button. You can search by name or NetID.
User Account Synchronization
After you've added users to a group, allow up to 1 hour for those accounts to synchronize with AWS.
User Account Sign In
Users can sign in via SSO at the following URL: https://d-9a672cc795.awsapps.com/start