Working with Permissions Requests in AWS IQ - AWS IQ

Working with Permissions Requests in AWS IQ

After you and a customer agree on a proposal, request access to the customer's account, if necessary to complete the work. This topic explains how to create such a request.

The following permissions policies are available in AWS IQ. You can include details about why you are requesting that level of permissions.

Tip

It is an AWS security best practice to grant the least amount of privileges necessary to perform a task.

Prerequisite

Create a Permissions Request

You create a permissions request using the AWS IQ console.

  1. Sign in to the AWS IQ console at https://iq.aws.amazon.com/.

  2. On the Requests page, choose Responded.

  3. Choose the customer request for which you are creating the permission request.

  4. Choose Request Permission in the Proposals pane under the accepted proposal.

  5. Choose the Permission policy you will need to perform the work.

  6. Optionally, explain why this role is appropriate for your project in the Description field.

  7. Choose Request.

    The customer will receive the request and accept or decline it.

Note

The customer will be able to review AWS CloudTrail logs of your activity in their account. The customer can revoke access at any time.

Permission Levels in AWS IQ

The following IAM managed policies for job functions are available in AWS IQ:

AdministratorAccess

Provides full access to AWS services and resources. For more information, see AWS Managed Policies for Job Functions in the AWS Identity and Access Management (IAM) User Guide.

Billing

Provides full access to billing and cost management. This includes viewing account usage and viewing and modifying budgets and payment methods. For more information, see AWS Managed Policies for Job Functions in the IAM User Guide.

DatabaseAdministrator

Provides full access to AWS services and actions required to set up and configure AWS database services. For more information, see AWS Managed Policies for Job Functions in the IAM User Guide.

NetworkAdministrator

Provides full access to AWS services and actions required to set up and configure AWS network resources. For more information, see AWS Managed Policies for Job Functions in the IAM User Guide.

PowerUserAccess

Provides full access to AWS services and resources, but does not allow management of Users and groups. For more information, see AWS Managed Policies for Job Functions in the IAM User Guide.

SecurityAudit

Provides full access to read security configuration metadata. It is useful for software that audits the configuration of an AWS account. For more information, see AWS Managed Policies for Job Functions in the IAM User Guide.

SupportUser

Provides full access to troubleshoot and resolve issues in an AWS account. This policy also enables the user to contact AWS support to create and manage cases. For more information, see AWS Managed Policies for Job Functions in the IAM User Guide.

SystemAdministrator

Provides full access to resources required for application and development operations. For more information, see AWS Managed Policies for Job Functions in the IAM User Guide.

ViewOnlyAccess

Provides full access to view resources and basic metadata across all AWS services. For more information, see AWS Managed Policies for Job Functions in the IAM User Guide.