AWS Well-Architected Tool
User Guide

Provisioning an IAM User

  1. Create an IAM user or use an existing one associated with your AWS account. For more information, see Creating an IAM User in the IAM User Guide.

  2. Grant the IAM user access to the AWS Well-Architected Tool.

Full access

Full access allows the user to perform all actions in AWS WA Tool. This access is required to define workloads and run workload reviews.

Apply the WellArchitectedConsoleFullAccess managed policy to the user.

If you prefer to apply a custom inline policy, here is an example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "wellarchitected:*"
            ],
            "Resource": "*"
        }
    ]
}

Read-only access

Read-only access allows the user to see the results of workload reviews.

Apply the WellArchitectedConsoleReadOnlyAccess managed policy to the user.

If you prefer to apply a custom inline policy, here is an example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "wellarchitected:Get*",
                "wellarchitected:List*"
            ],
            "Resource": "*"
        }
    ]
}

The managed policies can be attached to an IAM user, group, or role.

To learn how to attach a policy to an IAM user, see Working with Policies. For more information, see Security.
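
Before attaching a custom inline policy, you can check offline which actions its wildcards actually grant. The following Python sketch is an added example, not part of the AWS documentation or tooling: it evaluates the two inline policies shown above against a constructed sample of AWS WA Tool action names. The helper names are hypothetical, and the evaluation is deliberately simplified (Action patterns only; Resource, Condition, NotAction, permissions boundaries, and SCPs are ignored).

```python
import json
import re

# The two inline policies from this page.
FULL_ACCESS = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["wellarchitected:*"], "Resource": "*"}]}""")
READ_ONLY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["wellarchitected:Get*", "wellarchitected:List*"],
   "Resource": "*"}]}""")

# Constructed sample of AWS WA Tool actions (not the complete action list).
SAMPLE_ACTIONS = [
    "wellarchitected:GetWorkload", "wellarchitected:ListWorkloads",
    "wellarchitected:ListAnswers", "wellarchitected:CreateWorkload",
    "wellarchitected:UpdateAnswer", "wellarchitected:CreateMilestone",
    "wellarchitected:DeleteWorkload",
]

def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    """IAM action wildcards: '*' is any run of characters, '?' is exactly one;
    action names are matched case-insensitively."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def is_allowed(policy, action):
    """Simplified evaluation: explicit Deny wins, then any Allow, else deny."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def write_actions_granted(policy, actions):
    """Actions outside the Get*/List* families that the policy still allows."""
    return [a for a in actions
            if not a.split(":", 1)[1].startswith(("Get", "List"))
            and is_allowed(policy, a)]

if __name__ == "__main__":
    for name, policy in (("full access", FULL_ACCESS), ("read-only", READ_ONLY)):
        print(name, "->", write_actions_granted(policy, SAMPLE_ACTIONS))
```

An empty list for a policy intended to be read-only confirms that its action patterns do not reach any of the sampled write actions.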