How to use IAM users, groups and roles with SSO

0

My organization has no AD nor any IdP that can be used to link AWS SSO to. I see that the SSO identity store has no cf/cli/api feature to manage users.

Is there a way to use IAM users, groups and roles in the root account to log into the other organization accounts?

If so, how to?

1 answer
2

You can log into the member accounts from the root account by Switch Role. Of course, you need to attach the proper permissions to the IAM users, groups and roles in the root account.

If you use Organizations without Control Tower, the role "OrganizationAccountAccessRole" is assigned to the member accounts by default. If you use Control Tower, "AWSControlTowerExecution" is assigned.

In this use case, the root account is often called a jump account. However, in production, for example, it is better to use another account rather than the root account as the jump account, to separate permissions from the root account.

https://aws.amazon.com/premiumsupport/knowledge-center/organizations-member-account-access/

https://docs.aws.amazon.com/controltower/latest/userguide/roles-how.html

AWS
suzuki
Answered 2 years ago
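The switch-role setup described in the answer, written out as the policy documents and CLI profiles you would actually deploy. This is an added example, not code from the original post or from AWS: the account IDs, group name and profile names are placeholders, and the MFA condition is an added hardening recommendation rather than something the answer states. It also covers the "separate jump account" variant: the default OrganizationAccountAccessRole trusts only the management account, so a dedicated jump account needs the member role's trust policy to name that account (or a separate role that does).

```python
"""Generate the IAM documents needed for IAM users in a jump account to
switch into AWS Organizations member accounts.

Added example, not from the original post. Assumptions: all account IDs,
role names and profile names below are placeholders; requiring MFA on the
assume-role path is the author's recommendation, not part of the answer.
"""
import json
import re

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def _check_account_ids(account_ids):
    """Fail early on malformed IDs so a typo cannot silently widen trust."""
    for acct in account_ids:
        if not ACCOUNT_ID_RE.match(acct):
            raise ValueError(f"not a 12-digit AWS account id: {acct!r}")


def assume_role_policy(member_account_ids,
                       role_name="OrganizationAccountAccessRole",
                       require_mfa=True):
    """Identity policy for the IAM group in the jump account.

    Grants sts:AssumeRole only on the named role in the listed member
    accounts (never on "*"), and optionally requires that the calling
    session was authenticated with MFA.
    """
    _check_account_ids(member_account_ids)
    statement = {
        "Sid": "AssumeMemberAccountRole",
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": [f"arn:aws:iam::{acct}:role/{role_name}"
                     for acct in member_account_ids],
    }
    if require_mfa:
        statement["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def member_trust_policy(jump_account_id, require_mfa=True):
    """Trust policy for the role in each member account.

    Trusting the jump account's root principal delegates the decision of
    which users may assume the role to IAM policies in the jump account.
    """
    _check_account_ids([jump_account_id])
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{jump_account_id}:root"},
        "Action": "sts:AssumeRole",
    }
    if require_mfa:
        statement["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def cli_profiles(member_accounts,
                 role_name="OrganizationAccountAccessRole",
                 source_profile="jump", mfa_serial=None):
    """Render ~/.aws/config profiles so `aws --profile <name>` switches role.

    member_accounts maps a profile name to a member account id; the source
    profile holds the jump-account IAM user's long-term credentials.
    """
    _check_account_ids(member_accounts.values())
    blocks = []
    for name, acct in member_accounts.items():
        lines = [
            f"[profile {name}]",
            f"role_arn = arn:aws:iam::{acct}:role/{role_name}",
            f"source_profile = {source_profile}",
        ]
        if mfa_serial:
            lines.append(f"mfa_serial = {mfa_serial}")
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    # Constructed placeholder account IDs; replace with your own.
    members = {"dev": "111111111111", "prod": "222222222222"}
    jump = "333333333333"
    print(json.dumps(assume_role_policy(list(members.values())), indent=2))
    print(json.dumps(member_trust_policy(jump), indent=2))
    print(cli_profiles(members, mfa_serial=f"arn:aws:iam::{jump}:mfa/alice"))
```

Apply the first document in the jump account with `aws iam put-group-policy --group-name <group> --policy-name AssumeMemberRoles --policy-document file://assume.json`, and the second in each member account with `aws iam update-assume-role-policy --role-name OrganizationAccountAccessRole --policy-document file://trust.json` (only needed when the jump account is not the management account). Then `aws sts get-caller-identity --profile prod` should return the member account ID and an assumed-role ARN.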
