Create an SSO and Identity Store using CloudFormation

Hello,

Please, I would like expert advice and a sample template on creating an SSO and Identity Store, then a user, with CloudFormation.

Regards

1 Answer
Accepted Answer

Hello.

Although you cannot enable IAM Identity Center with CloudFormation, you can create permission sets, etc.
https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/AWS_SSO.html

Create a permission set with "AWS::SSO::PermissionSet" and link it to the account with "AWS::SSO::Assignment".

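Resources:
  # Permission set: the IAM policies granted through IAM Identity Center.
  PermissionSet:
    Type: AWS::SSO::PermissionSet
    Properties:
      # Replace with the ARN of your own IAM Identity Center instance.
      InstanceArn: 'arn:aws:sso:::instance/ssoins-xxxxxxxxxxxxxxxx'
      Name: 'AdministratorAccess'
      ManagedPolicies:
        - 'arn:aws:iam::aws:policy/AdministratorAccess'

  # Assignment: links the permission set to a principal in one AWS account.
  Assignment:
    Type: AWS::SSO::Assignment
    Properties:
      InstanceArn: 'arn:aws:sso:::instance/ssoins-xxxxxxxxxxxxxxxx'
      PermissionSetArn: !GetAtt PermissionSet.PermissionSetArn
      # Replace with the 12-digit ID of the target account.
      TargetId: '123456789012'
      TargetType: AWS_ACCOUNT
      # Replace with the ID of the group in your identity store.
      PrincipalId: 'f81d4fae-7dec-11d0-a765-00a0c91e6bf6'
      PrincipalType: 'GROUP'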
EXPERT
answered a month ago
AWS
EXPERT
reviewed a month ago
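
Added example, not part of the original answer or of AWS's documentation: the same permission set and assignment pattern written as a complete template, with the hard-coded IDs moved to validated parameters, a read-only permission set with a one-hour session in place of AdministratorAccess, and the group created in the identity store by the stack itself. The parameter names, resource names, group name and permission set name are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Read-only permission set assigned to an identity store group (illustrative)

Parameters:
  InstanceArn:
    Type: String
    Description: ARN of the already-enabled IAM Identity Center instance
    # Pattern covers the standard "aws" partition only (assumption).
    AllowedPattern: '^arn:aws:sso:::instance/ssoins-[a-zA-Z0-9]{16}$'
  IdentityStoreId:
    Type: String
    Description: ID of the identity store attached to that instance
  TargetAccountId:
    Type: String
    Description: 12-digit ID of the account the group gets access to
    AllowedPattern: '^[0-9]{12}$'

Resources:
  # Group created in the identity store; name is hypothetical.
  AuditorsGroup:
    Type: AWS::IdentityStore::Group
    Properties:
      IdentityStoreId: !Ref IdentityStoreId
      DisplayName: Auditors
      Description: Read-only reviewers

  # Least-privilege permission set with a short session lifetime.
  ReadOnlyPermissionSet:
    Type: AWS::SSO::PermissionSet
    Properties:
      InstanceArn: !Ref InstanceArn
      Name: ReadOnlyAuditor
      Description: Read-only access for audit and review
      SessionDuration: PT1H          # ISO-8601 duration, one hour
      ManagedPolicies:
        - arn:aws:iam::aws:policy/ReadOnlyAccess

  # Assign to the group, not to individual users, so access follows membership.
  AuditorsAssignment:
    Type: AWS::SSO::Assignment
    Properties:
      InstanceArn: !Ref InstanceArn
      PermissionSetArn: !GetAtt ReadOnlyPermissionSet.PermissionSetArn
      TargetId: !Ref TargetAccountId
      TargetType: AWS_ACCOUNT
      PrincipalId: !GetAtt AuditorsGroup.GroupId
      PrincipalType: GROUP
```

The stack must be deployed in the account and Region where the IAM Identity Center instance lives, since the instance itself has to exist before any of these resources can be created.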