Yes, I should be asking this in the official AWS forums, but nobody responds to most questions and even when they do, the advice isn't even helpful RIP. IAM is the traditional way of setting permissions for users in the admin's company/organization but is more complex and less secure. Identity Center is the newer offshoot that is more secure and less complex, but also more streamlined and is what AWS recommends. Now obviously there's no confirmation, but I wouldn't be surprised if one day AWS deprecates IAM and only Identity Center remains.
- 4 mo
I still use IAM for AWS, but for me, it's also kinda for legacy solutions we still use...
If you can do it with Identity Center, just go for it.
- 4 mo
I'm trying to get my business partner to access Lex bots I'm making, but even after provisioning the necessary permission set and policies attached, he still can't access them. My bots are still in draft mode and he is able to access AWS console and Lex itself, when before he couldn't access anything upon signing in.
- 4 mo
According to official documentation and from what Amazon Q (AWS' tech support bot) and Bing AI told me, even if I set him up as an IAM user and was able to properly set up the resource-based policies, he would still be limited on what he can do due to the bots being in draft mode. I have next to no experience with resource-based policies, and while I do have some experience with JSON, it's not enough to let me be skilled enough to properly create valid policies. I've decided to just publish the Lex bots prematurely so hopefully my business partner/friend can access and work on it with me together.
- 4 mo
So what I mean is I already registered him as a user and did all that in Identity Center, but because Identity Center and IAM are separate, he's technically not considered to be an IAM user. Only those registered in IAM and granted permission sets and policies there can access AWS applications that are still in draft mode iirc. Although to be fair, I don't know how to really use Lambda or CloudShell, so maybe he can still access the Lex bots that way.
- 4 mo
It's quite custom stuff you're trying to do... But if there is access to Lex, access to the bots based on it should also be granted... Logically looking at it...
Maybe draft mode is a problem? Sorry, it's beyond my experience, I'm clearly guessing :D
But it's AWS, here unexplained things happen every day :/
- 4 mo
Yeah, AWS is very complicated to use and that's why other competitors like Salesforce and Azure have become more popular in recent years. Specifically, I provisioned SystemAdministrator permission set with a policy of the same name and AmazonLexFullAccess policy attached to it. In theory, he should have no problems with accessing and editing the bots, but from the screenshots he showed me, the list of bots is completely empty in Lex. Identity Center doesn't show any errors associated with him so that can be ruled out.
- Anonymous (30-35), 4 mo
Post this somewhere where it might make sense to someone.
- New 4 mo
How about you post somewhere else if you don't want to properly contribute?