{"id":107,"date":"2023-09-21T12:42:02","date_gmt":"2023-09-21T03:42:02","guid":{"rendered":"https:\/\/blog.interstellar.co.jp\/en\/?p=107"},"modified":"2023-09-21T12:42:04","modified_gmt":"2023-09-21T03:42:04","slug":"iam-identity-center-cant-see-the-health-dashboard-if-only-viewonlyaccess-is-used","status":"publish","type":"post","link":"https:\/\/blog.interstellar.co.jp\/en\/2023\/09\/21\/iam-identity-center-cant-see-the-health-dashboard-if-only-viewonlyaccess-is-used\/","title":{"rendered":"Address the fact that the AWS IAM Identity Center can’t see the Health Dashboard if only ViewOnlyAccess is used."},"content":{"rendered":"\n

Hello, this is Agata.<\/p>\n\n\n\n

It is convenient to manage users with single sign-on using IAM Identity Center, but it is still a hassle to manage permissions in detail as with IAM.<\/p>\n\n\n\n

This time I’m talking about the Health Dashboard related permissions since ViewOnlyAccess didn’t have them.<\/p>\n\n\n\n

Lack of permissions for predefined policies<\/h1>\n\n\n\n

I had attached the AWS Managed Policy ViewOnlyAccess in the IAM Identity Center permission set to a user who does not work directly and only views AWS status.<\/p>\n\n\n\n

However, I was told that Health Dashboard could not be viewed with only this permission, so I checked and sure enough, no Health Dashboard-related permissions were granted.<\/p>\n\n\n\n

It would be better if someone in charge of monitoring and such could see it\u2026. Well, it was no use, so I decided to add my own authorization.<\/p>\n\n\n\n

Policy Creation<\/h1>\n\n\n\n

Create a policy in IAM.<\/p>\n\n\n\n

The policy should look something like the following, allowing all health:Describe~.
(Arrange this area as needed.)<\/p>\n\n\n\n

{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"health:Describe*\"\n            ],\n            \"Resource\": \"*\"\n        }\n    ]\n}<\/code><\/pre>\n\n\n\n
To create a policy, follow these steps<\/p>\n\n\n\n
    \n
  1. In the AWS console, go to IAM > Policies and click Create Policy.<\/li>\n\n\n\n
  2. Switch the policy editor to JSON and enter the following JSON.<\/li>\n\n\n\n
  3. Once entered, click Next.<\/li>\n\n\n\n
  4. Enter a policy name and description as appropriate, and click Create Policy.<\/li>\n<\/ol>\n\n\n\n
    If you are configuring settings for multiple AWS accounts, do this for all of the target AWS accounts. At this time, the policy name must be the same.<\/p>\n\n\n\n
    Policy Attachment<\/h1>\n\n\n\n
    Attach the created policy.<\/p>\n\n\n\n
      \n
    1. Navigate to IAM Identity Center > Permission Sets and click on the target permission set.<\/li>\n\n\n\n
    2. Click “Attach Policy” under Customer Managed Policies.<\/li>\n\n\n\n
    3. Enter a policy name and click “Attach Policy”.<\/li>\n<\/ol>\n\n\n\n
      You should now be able to see the Haelth Dashboard.<\/p>\n","protected":false},"excerpt":{"rendered":"
      Hello, this is Agata. It is convenient to manage users with single sign-on using IAM Identity Center, but it is still a hassle to manage permissions in detail as with IAM. This time I’m talking about the Health Dashboard related permissions since ViewOnlyAccess didn’t have them. Lack of permissions for predefined policies I had attached the AWS Managed Policy ViewOnlyAccess in the IAM Identity Center permission set to a user who does not work directly and only views AWS status. However, I was told that Health Dashboard could not be viewed with only this permission, so I checked and sure enough, no Health Dashboard-related permissions were granted. It would be…<\/p>\n","protected":false},"author":2,"featured_media":109,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"vkexunit_cta_each_option":"","footnotes":""},"categories":[6],"tags":[7],"class_list":["post-107","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws","tag-aws"],"_links":{"self":[{"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/posts\/107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/comments?post=107"}],"version-history":[{"count":1,"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/posts\/107\/revisions"}],"predecessor-version":[{"id":108,"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/posts\/107\/revisions\/108"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/media\/109"}],"wp:attachment":[{"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/media?parent=107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/categories?post=107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.interstellar.co.jp\/en\/wp-json\/wp\/v2\/tags?post=107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}