Account level IAM vs IAM Identity Center

We have multiple AWS Accounts that all have their own individual IAM Users/Groups and permissions. These are all from acquisitions. We've created an AWS Organization and enabled all features.

My question is, when we add an external IDP for SSO, will the Users/Groups at the Account level IAM remain intact? Based on the documentation I believe they will, and at this point we can start migrating the Users/Groups out of the Account level IAM and into the Org level SSO?

Some of these accounts are critical and I just want to be really clear before I potentially make a huge mistake.

주제

보안, 신원 및 규정 준수 관리 및 거버넌스

태그

보안, 신원 및 규정 준수 AWS 자격 증명 및 액세스 관리 AWS 조직 AWS IAM 자격 증명 센터 AWS 계정 관리

언어

English

rePost-User-2780601

질문됨 2년 전2193회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

수락된 답변

Correct, when you enable AWS IAM Identity Center (formerly SSO), nothing happens to your existing IAM users, groups, roles or policies in the accounts. You can continue to use them in parallel with SSO.

See this previously answered question: https://repost.aws/questions/QUfNomVCt5TCiac7oQoT8n0A/can-i-keep-existing-iam-users-and-add-sso-to-our-accounts

전문가

Matt-B

답변함 2년 전

전문가

Oleksii Bebych

검토됨 14일 전

전문가

Sedat Salman

검토됨 10달 전

Account level IAM vs IAM Identity Center

관련 콘텐츠