Create management groups to map users to AWS accounts and roles

You need to create another set of external-directory groups to establish a link between sets of users and the specific AWS accounts and roles that they want to access. Management groups are the primary method for managing user access to AWS entitlements.

  1. If you do not have existing groups in AD to manage AWS user entitlements, complete these tasks:

  2. Assign each management group to the AWS role group or groups that it needs to access. This establishes a link between the management groups and the entitlements in all AWS accounts that group users need to access.

  3. For each management group, in the Members Of tab of the DevOps Sys Admins Properties dialog box, add, remove, modify, or audit AWS entitlements.

  4. On the Members tab of the DevOps Sys Admins Properties dialog box, assign individual users to the management groups to make them members of the AWS role group.
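
The following is an added example, not part of the original documentation or of any vendor tooling. It audits the two-tier structure described above by resolving which users end up with which AWS role groups, and it flags users placed directly in a role group instead of through a management group. The membership data and all names other than "DevOps Sys Admins" are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export: group -> direct members (users or other groups).
# Every group, including an empty one, must appear as a key.
ROLE_GROUPS = {"aws#prod#Admin#111111111111", "aws#dev#ReadOnly#222222222222"}
MEMBERS = {
    "aws#prod#Admin#111111111111": ["DevOps Sys Admins", "mallory"],
    "aws#dev#ReadOnly#222222222222": ["DevOps Sys Admins", "Developers"],
    "DevOps Sys Admins": ["alice", "bob"],
    "Developers": ["bob", "carol"],
}

def resolve_users(group, members):
    """Return all users under a group, following nested groups and ignoring cycles."""
    users, stack, seen = set(), [group], set()
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        for member in members.get(current, []):
            if member in members:      # member is itself a group
                stack.append(member)
            else:                      # member is a user
                users.add(member)
    return users

def audit(role_groups, members):
    """Map each user to the role groups they reach; list direct (unmanaged) grants."""
    entitlements = defaultdict(set)
    direct = []
    for role in sorted(role_groups):
        for member in members.get(role, []):
            if member in members:      # a management group assigned to the role group
                for user in resolve_users(member, members):
                    entitlements[user].add(role)
            else:                      # a user added straight to the role group
                entitlements[member].add(role)
                direct.append((member, role))
    return dict(entitlements), direct

if __name__ == "__main__":
    entitlements, direct = audit(ROLE_GROUPS, MEMBERS)
    for user in sorted(entitlements):
        print(user, sorted(entitlements[user]))
    for user, role in direct:
        print(f"REVIEW: {user} is a direct member of {role}")
```

Direct grants are worth reviewing because they are not visible from the Members tab of any management group.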