Set up centralized access management foundation with AWS IAM Identity Center and IAM.
SecurityAuditors

Policy document:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:Get*",
        "iam:List*",
        "iam:Generate*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudtrail:Get*",
        "cloudtrail:List*",
        "cloudtrail:Describe*"
      ],
      "Resource": "*"
    }
  ]
}
```

- SecurityAuditPolicy
- SecurityAuditor
- Read-only access for security auditing
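The point of the policy above is that the auditor can read IAM and CloudTrail state but never change it. The following added example (not part of the original page) is a small linter that embeds that policy and checks every Allow action against a read-only verb list; the choice of Get, List, Describe and Generate as the read-only prefixes is an assumption matched to this policy, and the `is_read_only` / `find_non_read_only_actions` names are mine.

```python
"""Check that an IAM policy document grants only read-only actions."""
import json

# The SecurityAuditPolicy from the page, embedded so the check runs offline.
SECURITY_AUDIT_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["iam:Get*", "iam:List*", "iam:Generate*"],
     "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["cloudtrail:Get*", "cloudtrail:List*", "cloudtrail:Describe*"],
     "Resource": "*"}
  ]
}
""")

# Assumption: verbs with these prefixes are treated as read-only for an auditor.
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "Generate")


def _as_list(value):
    """IAM accepts a string or a list for Statement/Action; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_non_read_only_actions(policy):
    """Return every Allow action that is not clearly read-only.

    "iam:List*" passes because the verb after the service prefix starts with
    a read-only word; "iam:*", a bare "*", or "iam:CreateUser" is reported.
    An Allow statement written with NotAction is reported as well, since it
    grants everything except the listed actions.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        for excluded in _as_list(stmt.get("NotAction", [])):
            findings.append("NotAction:" + excluded)
        for action in _as_list(stmt.get("Action", [])):
            _service, _, verb = action.partition(":")
            if not verb or not verb.startswith(READ_ONLY_PREFIXES):
                findings.append(action)
    return findings


def is_read_only(policy):
    """True when no Allow action in the policy escapes the read-only prefixes."""
    return not find_non_read_only_actions(policy)
```

Run it against the policy before pasting it into the permission set, and again whenever the policy is edited, so a write verb cannot slip into the auditor role unnoticed.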
1. In IAM Identity Center, click Users in the sidebar.
2. Click Add user.
3. Enter the user information:
   - security-auditor
   - Security
   - Auditor
4. Click Next, then Add user.
5. Click Groups in the sidebar.
6. Click Create group.
7. Enter:
   - SecurityAuditors
   - Security auditing team
8. Under Add users to group, select security-auditor.
9. Click Create group.
10. Click AWS accounts in the sidebar.
11. Select the account to assign permissions to.
12. Click Assign users or groups.
13. Select the Groups tab.
14. Select the group SecurityAuditors.
15. Click Next.
16. Select the permission set SecurityAuditor.
17. Click Next, then Submit.
After completing this step, you will have:
Continue to 4. Certification Automation to set up automated certification processes.