A group exists in an organization that is a contract (account) unit of Cloud Automator, and is a collection of AWS authentication information, jobs, policy sets, post processes, etc. Only users who belong to the group can access them.
Multiple groups can be created in the organization.
User types who can use this feature
| Member | Admin | Owner |
|---|---|---|
| × | ◯ | ◯ |
Permission Levels
Users belonging to a group are assigned the following permission levels:
Job
| Permission Level | Description |
|---|---|
| Read and Write (Create job and edit) | Can view, create, update, edit, and delete jobs, policy sets, post-processes, and other resources within the group |
| Read only | Can only view jobs, policy sets, post-processes, and other resources within the group |
WorkSpaces list
| Permission Level | Description |
|---|---|
| Available (Create and download) | Can create and download WorkSpaces lists |
| Available (Only Download) | Can only download WorkSpaces lists |
| Disable |
Cannot use the WorkSpaces list feature |
The WorkSpaces list feature is only available with Business Plan or Enterprise Plan.
Operation Log
| Permission Level | Description |
|---|---|
| Available (Can download operation logs) | Can view and download operation logs |
| Disable |
Cannot view or download operation logs |
Owners and admins always receive operation log access regardless of this setting.
How to manage groups
Add group
-
Click Add Group under Group management menu at the side menu
-
Enter the following information
IAM role shall be created by Add AWS account > Create IAM role (※ AWS managed console shall be opened) With regard to operations in the AWS managed console screen, please refer here.
No Item Description 1 group name The name to be used for the group, please use a name, such as the department name or project name, that is easy to understand. 2 Group color Please specify the color used for the group icon. 3 AWS account IAM roll ARN Enter the ARN of the IAM role.
* Please note that only IAM roles created from this screen can be used.
Account name This is the name that to be applied to the AWS account. Please use a name such as purpose or project name, which is easy to understand. -
Click Add
-
When a group is created, it will move to the group member screen.
List of groups
-
When you click the Group list under Group management in the side menu, it will be displayed.
Edit group
-
Click the Group list under Gropu management in the side menu
-
Click the edit icon for the group you want to edit
-
You can edit the following information on the Basic Information tab:
No Item Description 1 Group Name You can change the group name 2 Group Color You can change the color of the group icon 3 AWS account Edit, add, and delete AWS accounts assigned to the group -
You can add users to a group by clicking the Add Member in the Group Members tab
-
Click the edit icon in the Group Member tab to change the user permission level
-
Click the remove icon in the Group Members tab to remove the user from the group