Share Cloud9 env with SSO users

I've created a Cloud9 environment and I would like to share it with AWS users in my organization. However, we are using IAM Identity Center for SSO, and Cloud9 appears to only work with regular IAM users. Is there any way to share environments with users/groups which are synced using SSO?

Topics

Developer Tools Security, Identity, & Compliance

Tags

AWS Cloud9 AWS IAM Identity Center

Language

English

Prisoner-24601

asked 2 years ago3166 views

2 Answers

Newest
Most votes
Most comments

There is a way to share Cloud9 env with AWS Users (SSO), but you need a User ARN

Follow these steps to grand access:

To get an Identity for AWS User you want to share Cloud9 Env, please ask her or him to execute the below command in AWS CloudShell/Terminal or Cloud9:

aws sts get-caller-identity

Ask them to Copy an ARN from the JSON response and send it to you.
Open a Cloud9 Env that you want to share with the user.
in Cloud9 top right corner, click share
in the "Invite members" section, paste the copied ARN from the previous step.
choose access type Read & Write (RW) or only read (R)
click the Invite button
send a URL link to your Cloud9 for the user you are granted access.
Happy coding {>;}

skroczak

answered a year ago

aryehleib
a year ago
Indeed using the full arn works! I honestly thought I had tried that. Note that if multiple users have the same sso configuration, likely only the very last part of the arn will differ. Thank you very much @skroczak. (I still think better IAM integration would be much preferred for many reasons.)
Sai
8 months ago
How can we share to all the users which are using the same permission set in the federated users? DOes it allows the wild cards? Ex: if the federated user permission set is arn:aws:sts::<account-id>:assumed-role/AWSReservedSSO_ps-07224-c-002_c240e72bbc80fb73/*/ps-07224-c-002?

-1

Have you taken a look at this - https://docs.aws.amazon.com/cloud9/latest/user-guide/setup-enterprise.html

EXPERT

Indranil Banerjee AWS

answered 2 years ago

aryehleib
a year ago
The referenced document seems to explain how a federated (SSO) user can access Cloud9. But I believe the question is how that user, having started a Cloud9 instance, can share the Cloud9 environment by inviting another SSO user in the account. In order to do that, the “owner” of the Cloud9 environment must click “share” in the Cloud9 environment and then enter an “IAM username” to “invite” another user. As the OP stated, that only seems to work for regular IAM users, not IAM Identity Center users. (As an aside, it is extremely strange that Cloud9 environments are user-specific, given that it is designed for real-time collaboration. Would not IAM be sufficient for access control, as with almost every other AWS service?)

Relevant content

Cloud9 sharing issue
Accepted Answer
Ramez
asked a year ago
Cannot Share Cloud9 Environment with Users in my Team
Accepted Answer
HGC_1234
asked 10 months ago
IAMS user can't access Cloud9 IDE
OmneBonum
asked 2 years ago
cloud9 ec2 environment
manoj akula
asked 8 months ago
How can I share a portfolio with accounts in my organization using AWS Service Catalog?
AWS OFFICIALUpdated 3 years ago
How do I use the AWS CLI to get temporary credentials for an IAM Identity Center user?
AWS OFFICIALUpdated 5 months ago
How do I deploy Lambda functions with external libraries using AWS Cloud9?
AWS OFFICIALUpdated 3 years ago
Why can't I connect to my AWS Cloud9 environment using an Amazon EC2 instance that's running Amazon Linux 2 as the jump host?
AWS OFFICIALUpdated 2 years ago
How to connect to a private EC2 instance from a local Visual Studio Code IDE with Session Manager and AWS SSO (CLI)
EXPERT
Faraz_AWS
published 2 years ago
How to Rotate your External IdP Certificates in AWS IAM Identity Center (successor to AWS Single Sign-On) with Zero Downtime
EXPERT
Matt-B
published a year ago