Managing permissions for Amazon AppFlow users - Amazon AppFlow
Adding a new userGranting accessChanging accessCreating custom access policies

Managing permissions for Amazon AppFlow users

The following sections walk you through managing permissions for Amazon AppFlow users. You can learn how to add new users, grant access for existing users, change access levels, and create custom access policies.

Adding a new user

The following procedure shows how to add a new user to Amazon AppFlow and grant a permissions policy to the new user.

To add a new user

  1. Open the Amazon AppFlow console at https://console.aws.amazon.com/appflow/.

  2. In the navigation pane, choose Users, and then choose Create user. This takes you directly to the User page on the IAM console.

  3. Choose Add user.

  4. Enter a user name for the new user.

  5. Choose AWS Management Console Access. This allows the user to sign in based on the password that you assign.

  6. Choose an auto-generated or custom password.

    Tip

    We recommend that you select the option that requires the user to reset the password.

  7. Choose Next: Permissions.

  8. Under Set permissions, choose Attach existing policies directly.

  9. Search for one of the predefined Amazon AppFlow policies.

    • Alternatively, you can create your own policy.

    • You can also attach policies for other AWS services at this time, if needed. For example, enter S3 in the search box to see available policies for accessing Amazon S3.

  10. Choose Next: Tags. Adding tags is optional.

  11. Choose Next: Review and review your choices.

  12. Choose Create user to create the user and view their security credentials, which you can now download. This is the last time these credentials will be available to download. However, you can create new credentials at any time.

  13. Choose the Send email link to send login instructions to the new user.

    Tip

    We recommend that you send the password in a separate email.

Granting access for existing users

The following procedure shows how to grant Amazon AppFlow access to an existing IAM user.

To grant access

  1. Open the Amazon AppFlow console at https://console.aws.amazon.com/appflow/.

  2. In the navigation pane, choose Users, and then choose Create user. This takes you directly to the User page on the IAM console.

  3. Choose the user who requires Amazon AppFlow permissions.

  4. Choose Add permissions.

  5. Under Set permissions, choose Attach existing policies directly.

  6. Search for one of predefined Amazon AppFlow policies.

  7. Choose Next: Review to review the permissions that you added.

  8. Choose Add permissions.

Changing access levels

The following procedure shows how to change the Amazon AppFlow access level of an existing IAM user.

To change access levels for existing users

  1. Open the Amazon AppFlow console at https://console.aws.amazon.com/appflow/.

  2. In the navigation pane, choose Users, and then choose Create user. This takes you directly to the User page on the IAM console.

  3. Choose the user whose Amazon AppFlow access you want to change.

  4. Choose X next to the existing policy that you want to delete.

  5. Choose Detach.

  6. Choose Add permissions to add a new policy.

  7. Under Set permissions, choose Attach existing policies directly.

  8. Search for one of predefined Amazon AppFlow policies.

  9. Choose Next: Review to review the permissions you have added.

  10. Choose Add permissions.

Creating custom access policies

You can create a custom IAM policy and assign it to a user, group, or role.

In the action Action of your custom policy statement, you can specify the desired permissible actions for Amazon AppFlow. To see a full list of Amazon AppFlow actions, see Actions defined by Amazon AppFlow in the Service Authorization Reference.

To learn more about the Amazon AppFlow-specific resources, actions, and condition context keys used in IAM permissions policies, see Actions, resources, and condition keys for Amazon AppFlow in the IAM User Guide.

To create a custom access policy

  1. Open the IAM console at https://console.aws.amazon.com/iam/.

  2. Choose Policies.

  3. Choose Create policy.

  4. In the visual editor, choose Amazon AppFlow as the service, and follow the instructions to add specific permissions to the policy that you create.