Attach and detach policies for Amazon Web Services (AWS) identities
This article describes how you can attach and detach permissions for users, roles, and groups for Amazon Web Services (AWS) identities using the Remediation dashboard.
Note
To view the Remediation tab, you must have Viewer, Controller, or Administrator permissions. To make changes on this tab, you must have Controller or Administrator permissions. If you don't have these permissions, contact your system administrator.
View permissions
- On the Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.
- From the Authorization System Type dropdown, select AWS.
- From the Authorization System dropdown, select the accounts you want to access.
- From the Search For dropdown, select Group, User, or Role.
- To search for more parameters, you can make a selection from the User States, Permission Creep Index, and Task Usage dropdowns.
- Select Apply. Permissions Management displays a list of users, roles, or groups that match your criteria.
- In Enter a username, enter or select a user.
- In Enter a group name, enter or select a group, then select Apply.
- Make a selection from the results list.
The table displays the related Username Domain/Account, Source and Policy Name.
Attach policies
- On the Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.
- From the Authorization System Type dropdown, select AWS.
- In Enter a username, enter or select a user.
- In Enter a Group Name, enter or select a group, then select Apply.
- Make a selection from the results list.
- To attach a policy, select Attach Policies.
- In the Attach Policies page, from the Available policies list, select the plus sign (+) to move the policy to the Selected policies list.
- When you have finished adding policies, select Submit.
- When the following message displays: Are you sure you want to change permission?, select:
  - Generate Script to generate a script where you can manually add/remove the permissions you selected.
  - Execute to change the permission.
  - Close to cancel the action.
Detach policies
- On the Permissions Management home page, select the Remediation tab, and then select the Permissions subtab.
- From the Authorization System Type dropdown, select AWS.
- In Enter a username, enter or select a user.
- In Enter a Group Name, enter or select a group, then select Apply.
- Make a selection from the results list.
- To remove a policy, select Detach Policies.
- In the Detach Policies page, from the Available policies list, select the plus sign (+) to move the policy to the Selected policies list.
- When you have finished selecting policies, select Submit.
- When the following message displays: Are you sure you want to change permission?, select:
  - Generate Script to generate a script where you can manually add/remove the permissions you selected.
  - Execute to change the permission.
  - Close to cancel the action.
Next steps
- For information on how to view existing roles/policies, requests, and permissions, see View roles/policies, requests, and permission in the Remediation dashboard.
- For information on how to create a role/policy, see Create a role/policy.
- For information on how to clone a role/policy, see Clone a role/policy.
- For information on how to delete a role/policy, see Delete a role/policy.
- For information on how to modify a role/policy, see Modify a role/policy.
- To view information about roles/policies, see View information about roles/policies.
- For information on how to revoke high-risk and unused tasks or assign read-only status for Microsoft Azure and Google Cloud Platform (GCP) identities, see Revoke high-risk and unused tasks or assign read-only status for Azure and GCP identities.
- For information on how to create or approve a request for permissions, see Create or approve a request for permissions.