Controlling Access to Amazon Chime admin console using IAM
Access to the Amazon Chime administration console is managed through AWS Identity and Access Management (IAM), a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
To give others access to the Amazon Chime console, you create IAM users that they use to sign in to the AWS account and then open the Amazon Chime console. With IAM you can grant these users permissions at a granular level, blocking or providing read and write access to various details and actions of your Amazon Chime account(s), such as changing permissions, adding users, or resetting a user's meeting PIN. You create IAM policies that are applied to individual users or groups.
If you are new to IAM, see Creating Your First IAM Admin User and Group. For more information about IAM policies, see Access Management. For more information about managing and creating custom IAM policies, see Working with Policies.
The easiest way to manage access for users who will provide support services or manage the Amazon Chime account through the Amazon Chime administration console is to use one of the following AWS managed policies preconfigured for Amazon Chime. AWS managed policies are built for specific use cases and are automatically updated by the Amazon Chime service team when new capabilities are added, so your users have immediate access without changes to a custom policy.
Amazon Chime Managed Policies
Amazon Chime provides three AWS managed policies which can be leveraged by customers using IAM roles to control access to the user management and account setup and configuration capabilities from the Amazon Chime administration console.
- AmazonChimeFullAccess provides full access to Amazon Chime user management and account configuration.
- AmazonChimeReadOnly provides read-only access to Amazon Chime user management and account configuration.
- AmazonChimeUserManagement provides full user management capabilities and read-only access to account settings and configuration.
See the Amazon Chime Actions table below for actions associated with the above managed policies.
Example
The following screens show a group called Admin with three users:
The Permissions tab shows that the users in the Admin group will have all the actions granted and managed in the AmazonChimeFullAccess managed policy.
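The same group setup can be done from the AWS CLI. The script below is an added example, not part of the original page: it attaches one of the three managed policies named above to a group and refuses any other policy name, so a broader policy cannot be attached by mistake. The function names and the `DRY_RUN` switch are assumptions made for this example, and the group and user names are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: grant console access through a Chime managed policy on a group.

# Map one of the three managed policy names from this page to its ARN.
# Any other name is rejected, which keeps the group limited to Chime permissions.
chime_policy_arn() {
  case "$1" in
    AmazonChimeFullAccess|AmazonChimeReadOnly|AmazonChimeUserManagement)
      printf 'arn:aws:iam::aws:policy/%s\n' "$1" ;;
    *)
      echo "not an Amazon Chime managed policy: $1" >&2
      return 1 ;;
  esac
}

# Print the command when DRY_RUN=1 (for review), otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Usage: grant_chime_access GROUP POLICY [USER...]
grant_chime_access() {
  if [ "$#" -lt 2 ]; then
    echo "usage: grant_chime_access GROUP POLICY [USER...]" >&2
    return 2
  fi
  gca_group="$1"
  gca_arn="$(chime_policy_arn "$2")" || return 1
  shift 2
  # create-group fails if the group already exists; skip it for an existing group.
  run aws iam create-group --group-name "$gca_group" || return 1
  run aws iam attach-group-policy --group-name "$gca_group" \
      --policy-arn "$gca_arn" || return 1
  for gca_user in "$@"; do
    run aws iam add-user-to-group --group-name "$gca_group" \
        --user-name "$gca_user" || return 1
  done
  # Confirm what is attached, the CLI equivalent of the Permissions tab.
  run aws iam list-attached-group-policies --group-name "$gca_group"
}
```

Run it with `DRY_RUN=1` first to review the exact commands before they change the account.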
Amazon Chime Actions
You can find a list of all Amazon Chime actions here: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonchime.html