- Newest
- Most votes
- Most comments
Hello CPB,
Are you familiar with AWS Organizations and the Service Control Policies (SCPs) implemented within your account structure? It's possible that the restrictions you're experiencing could be related to the SCPs configured at the AWS Organization level.
For further clarification, I recommend reviewing the following resources:
So when I look in the root account the only SCP which is in the list is the FullAWSAccess policy, which is identical to the AdministratorAccess Policy. However this policy isn't attached to any entities as I'm provisioning the user via the IAM identity centre.
In fact I'm not even able to access that policy when assigning a permission set to my user.
On the other hand, since this issue relates to an IAM Identity Center (IDC) SSO user, it could be due to improper provisioning or incomplete registration, including steps like MFA setup. For more insights, you can review this Repost discussion: Issue with SSO User Registration.
This post provides helpful information on troubleshooting SSO user registration issues.
The user is able to log in successfully via the access panel and via the CLI tool using
aws configure sso
so the issue isn't in the provisioning of the user. I might be misunderstanding but I wouldn't be able to log in or access the console if the account was not provisioned right?
Relevant content
- Accepted Answerasked a year ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 6 days ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 18 days ago
- AWS OFFICIALUpdated a year ago
Can you explain what you're seeing on the VPC service page when you say " complete registration modal view"?
So I see the "complete sign up" modal with this text:
"Thanks for signing up for Amazon Web Services. If we have directed you to this page, then you have not finished registering. Make sure you have done the following:
Provided all required information during sign-up. This includes adding a payment method, completing identity verification, and selecting a support plan. Responded to any additional information we have requested by email. Check your spam and junk email folders to make sure you have not missed any such requests. Verified your credit card information. We might temporarily hold up to $1 USD (or an equivalent amount in local currency) as a pending transaction for 3-5 days to verify your identity. This is an authorization, and you might need to contact your card issuer to approve it. It might take up to 24 hours to fully activate your AWS services. If you can’t access your services after that time, contact support."
However the root account has completed the registration and sign up and assigned a payment method.
If I click the "Complete your AWS Registration" button at the bottom, I'm taken to the "successfully signed up page" and simply redirected to the management console.