Grant users and groups access to AWS resources

AWS Directory Service provides the ability to give your directory users and groups access to AWS services and resources, such as access to the Amazon EC2 console. Similar to granting IAM users access to manage directories as described in Identity-based policies (IAM policies), in order for users in your directory to have access to other AWS resources, such as Amazon EC2 you must assign IAM roles and policies to those users and groups. For more information, see IAM roles in the IAM User Guide.

For information about how to grant users access to the AWS Management Console, see Enable access to the AWS Management Console with AD credentials.

Topics

Creating a new role
Editing the trust relationship for an existing role
Assigning users or groups to an existing role
Viewing users and groups assigned to a role
Removing a user or group from a role
Using AWS managed policies with AWS Directory Service

Document Conventions

View directory information

Creating a new role