Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso

AWS SSO in Control Tower / Organisations with Systems Manager Run As

0

Have a Control Tower Setup and in main account have set ABAC - SSMSessionRunAs = ${user:name} in AWS SSO. In one of the Workload accounts, I have configured Systems Manager Preferences with "Run As" but with empty user. The expected behaviour is that sessions in System Manager will be created with the AWS user account (not ssm-user). However error "Invalid RunAs username. Set default username in Session Manager Preferences page." is displayed. Of course, if I set the Run As in Systems Manager Preferences to ssm-user the Systems Manager session connects as ssm-user (not the AWS user account). A matching user account has been added to the Linux Amazon OS. It appears the ABAC variable isn't passed through to Systems Manager? The strange thing is this worked yesterday? I have also tried ABAC ${path:userName}.

1 Respuesta
1

Hey there,

Sounds like this blog may be exactly what you need.

profile pictureAWS
respondido hace 3 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas