AWS Directory Service
Administration Guide (Version 1.0)

Assigning Users or Groups to an Existing Role

You can assign an existing IAM role to an AWS Directory Service user or group. The role must have a trust relationship with AWS Directory Service. For more information, see Editing the Trust Relationship for an Existing Role.

To assign users or groups to an existing IAM role

  1. In the AWS Directory Service console navigation pane, choose Directories.

  2. On the Directories page, choose your directory ID.

  3. On the Directory details page, select the Application management tab.

  4. Under the AWS apps & services section, choose AWS Management Console.

  5. In the Manage access to AWS Resources dialog box, choose Continue.

  6. On the Assign users and groups to IAM roles page, if you already have an IAM role whose trust policy allows AWS Directory Service to assume it, skip to the next step. Otherwise, choose click here to create new IAM roles.

  7. Under Add Users and Groups to Roles, choose the link for the existing IAM role that you want to assign users to.

  8. In the Role Detail page, choose Add.

  9. On the Add Users and Groups to Role page, next to Select Forest, choose either the AWS Managed Microsoft AD forest (this forest) or the on-premises forest (trusted forest), whichever contains the accounts that need access to the AWS Management Console. For more information about how to set up a trusted forest, see Tutorial: Create a Trust Relationship Between Your AWS Managed Microsoft AD and Your On-Premises Domain.

  10. Next to Search for, choose either User or Group, and then type the name of the user or group. In the list of possible matches, choose the user or group that you want to add.

  11. Choose Add to finish assigning the users and groups to the role.
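Before assigning directory users to a role in step 7, it is worth confirming that the role really does trust AWS Directory Service (step 6) and that its trust policy does not also let arbitrary principals assume it. The following script is an added example, not part of this guide or of any AWS tooling; it assumes the service principal used in Editing the Trust Relationship for an Existing Role is ds.amazonaws.com, and the three policy documents in it are constructed samples.

```python
import json

# Service principal AWS Directory Service uses when it assumes a console-access role.
# Assumption: this is the principal described in "Editing the Trust Relationship for
# an Existing Role"; confirm it against that topic.
DS_SERVICE_PRINCIPAL = "ds.amazonaws.com"

# Constructed sample: the trust policy shape that lets the directory assume the role.
GOOD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "ds.amazonaws.com"}, "Action": "sts:AssumeRole"}
    ],
}

# Constructed sample: a role that only trusts EC2. It will not work from the directory
# console because AWS Directory Service cannot assume it.
EC2_ONLY_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}
    ],
}

# Constructed sample: trusts the directory but also any principal at all. Do not assign this one.
WILDCARD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "ds.amazonaws.com"}, "Action": "sts:AssumeRole"},
        {"Effect": "Allow", "Principal": "*", "Action": ["sts:AssumeRole"]},
    ],
}


def _as_list(value):
    """IAM policy JSON allows a scalar or a list in most positions; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _allows_assume_role(statement):
    """True if the statement is an Allow that grants sts:AssumeRole, directly or via a wildcard."""
    if statement.get("Effect") != "Allow":
        return False
    actions = {a.lower() for a in _as_list(statement.get("Action"))}
    return bool(actions & {"sts:assumerole", "sts:*", "*"})


def check_trust_policy(policy):
    """Inspect a trust-policy document (dict) for use with the Directory Service console.

    Returns a dict with:
      trusts_directory_service: an Allow statement lets ds.amazonaws.com call sts:AssumeRole
      broad_principals: principals such as "*" that would let anyone assume the role
      ok: the role trusts Directory Service and has no broad principals
    """
    trusts_ds = False
    broad = []
    for stmt in _as_list(policy.get("Statement")):
        if not _allows_assume_role(stmt):
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            broad.append("*")
            continue
        if not isinstance(principal, dict):
            continue
        if DS_SERVICE_PRINCIPAL in _as_list(principal.get("Service")):
            trusts_ds = True
        broad.extend(p for p in _as_list(principal.get("AWS")) if p == "*")
    return {
        "trusts_directory_service": trusts_ds,
        "broad_principals": broad,
        "ok": trusts_ds and not broad,
    }


def check_trust_policy_json(document):
    """Same check for a policy supplied as a JSON string."""
    return check_trust_policy(json.loads(document))


if __name__ == "__main__":
    samples = [("good", GOOD_TRUST_POLICY), ("ec2-only", EC2_ONLY_TRUST_POLICY),
               ("wildcard", WILDCARD_TRUST_POLICY)]
    for name, policy in samples:
        print(name, check_trust_policy(policy))
```

To check a real role, pass the document returned by `aws iam get-role --role-name <name> --query Role.AssumeRolePolicyDocument` (or `boto3` `get_role(...)["Role"]["AssumeRolePolicyDocument"]`, which is already a dict) to check_trust_policy. A role that reports trusts_directory_service as False will not appear to work in step 7; one that reports broad_principals should be fixed under Editing the Trust Relationship for an Existing Role before any directory users are assigned to it.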