Providing users, groups, or roles access to AWS WA Tool
In this step, you grant access to AWS WA Tool.
Provide access to AWS WA Tool
- To provide access, add permissions to your users, groups, or roles:
  - Users and groups in AWS IAM Identity Center (successor to AWS Single Sign-On):
    Create a permission set. Follow the instructions in Create a permission set in the AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide.
  - Users managed in IAM through an identity provider:
    Create a role for identity federation. Follow the instructions in Creating a role for a third-party identity provider (federation) in the IAM User Guide.
  - IAM users:
    - Create a role that your user can assume. Follow the instructions in Creating a role for an IAM user in the IAM User Guide.
    - (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in Adding permissions to a user (console) in the IAM User Guide.
- To grant full control, apply the WellArchitectedConsoleFullAccess managed policy to the permission set or role.
  Full access allows the principal to perform all actions in AWS WA Tool. This access is required to define workloads, delete workloads, view workloads, update workloads, share workloads, create custom lenses, and share custom lenses.
- To grant read-only access, apply the WellArchitectedConsoleReadOnlyAccess managed policy to the permission set or role. Principals with this role can only view resources.
For more information on these policies, see AWS managed policies for AWS Well-Architected Tool.
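The following added example (not part of the AWS documentation) audits who holds the two managed policies and flags attachments that do not follow the role-based guidance above. It assumes input shaped like the output of `aws iam list-entities-for-policy` for each policy ARN; the sample data, principal names, and finding labels are constructed for illustration.

```python
# Added example: audit attachments of the two AWS WA Tool managed policies.
FULL = "arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess"
READ_ONLY = "arn:aws:iam::aws:policy/WellArchitectedConsoleReadOnlyAccess"

# Constructed sample, shaped like `aws iam list-entities-for-policy` output.
SAMPLE = {
    FULL: {
        "PolicyRoles": [{"RoleName": "wa-workload-admin"}],
        "PolicyGroups": [],
        "PolicyUsers": [{"UserName": "alice"}],
    },
    READ_ONLY: {
        "PolicyRoles": [{"RoleName": "wa-reviewer"},
                        {"RoleName": "wa-workload-admin"}],
        "PolicyGroups": [{"GroupName": "auditors"}],
        "PolicyUsers": [],
    },
}

_KINDS = (("PolicyRoles", "role", "RoleName"),
          ("PolicyGroups", "group", "GroupName"),
          ("PolicyUsers", "user", "UserName"))

def holders(entities_by_policy):
    """Map (kind, name) -> set of WA Tool policy ARNs attached to it."""
    out = {}
    for arn, entities in entities_by_policy.items():
        for key, kind, field in _KINDS:
            for entity in entities.get(key, []):
                out.setdefault((kind, entity[field]), set()).add(arn)
    return out

def full_access_holders(entities_by_policy):
    """Principals that can perform all actions in AWS WA Tool."""
    h = holders(entities_by_policy)
    return sorted(k for k, arns in h.items() if FULL in arns)

def audit(entities_by_policy):
    """Return (kind, name, issue, level) findings, sorted by principal."""
    findings = []
    h = holders(entities_by_policy)
    for kind, name in sorted(h):
        arns = h[(kind, name)]
        level = "full" if FULL in arns else "read-only"
        if kind in ("user", "group"):
            # The page marks direct user and user-group grants "Not recommended".
            findings.append((kind, name, "not-role-based", level))
        if FULL in arns and READ_ONLY in arns:
            # Full access already covers viewing; the second policy adds nothing.
            findings.append((kind, name, "redundant-read-only", level))
    return findings
```

Review the `full_access_holders` list separately: every entry can delete and share workloads and custom lenses.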