By using AWS re:Post, you agree to the Terms of Use
/AWS SSO and multiple regions/

AWS SSO and multiple regions


Hi We have an AWS Organisation that has SSO setup on in London Region. We are looking at possible options on how to use Ireland as DR Region for our AWS services. It seems that AWS SSO is single region only and you can't have two SSO in different regions in the same AWS organization. This has been confirmed by AWS support , apparently there is a feature request to have it fixed at some point. This means we have to find out some alternatives in case SSO in London Region goes down. What would you suggest to look at in this scenario? We have AzureAD and I was wondering if it some federation can coexist with AWS SSO and solve this provlem?

1 Answers

You can only have a single AWS SSO deployment per organization. If you want to have approximate DR functionality for your SSO deployment, you would have to have a separate AWS account with a separate SSO deployment. This implies you would also have a DR organization. You could still have both deployments communicating with the same IdP though. The challenges are that you would have to either make sure users have the alternate URL to the SSO portal, or you could possible create and update a CNAME, which might be a better solution for end users. You would also have to configure all groups, apps, etc manually in the DR SSO deployment.

answered 4 months ago
  • Thank you. I was thinking about having DR organization but this would be a total overkill for what we have at the moment to be honest. Someone suggested using IAM users instead but this looks too blunt for me. There should be something in the middle..

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions