roberttest aws notes

Audit #475281777507 | roberttestrahard.j.a@gmail.com

Log Archive #356443640599 | roberttestrahardj.a@gmail.com

roberttestrahardja #504397852529 | roberttestrahardja@gmail.com

AWS Control Tower Admin

AWS access portal URL: https://d-9667667782.awsapps.com/start

Initial Groups in IAM Identity Center:

AWSServiceCatalogAdmins | Admin rights to account factory in AWS Service Catalog | Manual

AWSSecurityAuditPowerUsers | Power user access to all accounts for security audits | Manual

AWSAccountFactory | Read-only access to account factory in AWS Service Catalog for end users | Manual

AWSSecurityAuditors | Read-only access to all accounts for security audits | Manual

AWSControlTowerAdmins | Admin rights to AWS Control Tower core and provisioned accounts | Manual

AWSLogArchiveAdmins | Admin rights to log archive account | Manual

AWSAuditAccountAdmins | Admin rights to cross-account audit account | Manual

AWSLogArchiveViewers | Read-only access to log archive account | Manual

Permission Set:

AWSServiceCatalogAdminFullAccess | Provides full access to AWS Service Catalog admin capabilities | arn:aws:sso:::permissionSet/ssoins-821075d4d0675773/ps-f3a57902af28fd35 | Provisioned

AWSServiceCatalogEndUserAccess | Provides access to the AWS Service Catalog end user console | Provisioned

AWSOrganizationsFullAccess | Provides full access to AWS Organizations | Not provisioned

AWSPowerUserAccess | Provides full access to AWS services and resources, but does not allow management of Users and groups | Provisioned

AWSAdministratorAccess | Provides full access to AWS services and resources | Provisioned

AWSReadOnlyAccess | This policy grants permissions to view resources and basic metadata across all AWS services | Provisioned

Organizational structure | Permission sets

Root | r-zp6h

Sandbox | ou-zp6h-mex9vypw | This resource is empty

Security | ou-zp6h-6pzevgg6

Audit | 475281777507 | roberttestrahard.j.a@gmail.com | AWSAdministratorAccess, AWSPowerUserAccess, AWSReadOnlyAccess

Log Archive | 356443640599 | roberttestrahardj.a@gmail.com | AWSAdministratorAccess, AWSPowerUserAccess, AWSReadOnlyAccess

roberttestrahardja | management account | 504397852529 | roberttestrahardja@gmail.com | AWSAdministratorAccess, AWSPowerUserAccess, AWSReadOnlyAccess, 2 more