How do I set up admin/admin pro users to configure AWS resources?

I have one account to create a QuickSuite (let’s call it base), then I create another account (let’s call it A); A is the IAM user. I use the base account to invite account A to QuickSuite with administrator privileges.

When I use account A to access QuickSuite, I’m unable to work with the AWS Resources section.

After reviewing the documentation, I learned that account A only has full privileges on QuickSuite and therefore is not allowed to do so. Then I found another document stating that configuring the IAM Policy can turn account A into an administrator account. (Managing access for Amazon Quick Suite and IAM users - Amazon Quick Suite)

Okay, it works, but does that mean this IAM user also has access to the same policies on the console? Is there another way to configure it correctly for my use case, or does AWS not support this feature yet?

Hello @banhcamvinh
Welcome to Quick Community!!

When you’re inviting a user in Quick Suite, you get an option to select whether it is an IAM user or not. To manage the AWS Resources section, the user requires certain IAM permissions, thus only IAM users can access this section with appropriate permissions. If you select no as IAM user, then those users will not have access to sections like AWS resources - this is by design.

Here’s the list of IAM permissions you can use.
[+] IAM policy examples for Quick Suite - Amazon Quick Suite

Yes, the IAM user will have access to the policies you add on the console. You need additional permissions for this IAM user to get full access. At the moment, the privileges are managed at a granular level with IAM permissions only.

Hope this helps.

Thanks for your response.
As I mentioned, it will contain some critical policies like create role, delete role, etc. to have access to and update AWS resources. And it’s very dangerous because I only want the person who owns QuickSuite to be able to configure the connection without being able to access the console with such high privileges.
So, in conclusion, there’s no right method for this problem, and we just have to take the risk?

I see, yes these are required to get complete admin privileges.

Another thing I would like to suggest: you can explore adding SCPs to restrict access to these IAM roles such that they can only access/modify resources through the QuickSight console and not outside. This might work, but you would need to check the appropriate condition keys that can be applicable.
[+] Service control policies (SCPs) - AWS Organizations

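To see how much role-management power a policy attached to account A actually carries before deciding on further restrictions, the following added example (not from the thread or from AWS documentation) audits an IAM policy document for the create-role/delete-role style actions raised above. The watch list, the severity labels and the sample policy are assumptions constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Watch list (an assumption of this example): the role-management actions
# named in the thread, plus closely related ones.
RISKY = ["iam:CreateRole", "iam:DeleteRole", "iam:AttachRolePolicy",
         "iam:PutRolePolicy", "iam:PassRole"]

# Constructed sample policy; 111122223333 is a placeholder account ID.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "ReadOnly", "Effect": "Allow",
   "Action": ["iam:ListRoles", "iam:GetRole"], "Resource": "*"},
  {"Sid": "RoleMgmt", "Effect": "Allow",
   "Action": ["iam:CreateRole", "iam:DeleteRole"], "Resource": "*"},
  {"Sid": "ScopedRoleMgmt", "Effect": "Allow", "Action": "iam:*Role",
   "Resource": "arn:aws:iam::111122223333:role/example-*"}
]}
""")

def as_list(value):
    """Action, NotAction, Resource and Statement may be a single item or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def matches(action, patterns):
    """IAM action names are case-insensitive and support * and ? wildcards."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit(policy):
    """Return one finding per Allow statement that grants a watched action."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # Allow + NotAction grants everything not listed
            granted = [a for a in RISKY if not matches(a, as_list(stmt["NotAction"]))]
        else:
            granted = [a for a in RISKY if matches(a, as_list(stmt.get("Action")))]
        if not granted:
            continue
        unscoped = "*" in as_list(stmt.get("Resource"))
        severity = "high" if unscoped and not stmt.get("Condition") else "review"
        findings.append({"sid": stmt.get("Sid", "(no Sid)"),
                         "actions": granted, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICY):
        print(finding)
```

Statements flagged `high` grant a watched action on every resource with no condition; `review` means the grant is narrowed by a resource ARN or a condition that still needs a human look.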