Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
AWS IAM Identity Center (SSO) - Assign Group to Organizational Unit
Hi all,
Working on an enterprise architecture/environment, having a huge number of AWS Accounts, We are facing some difficulties to assign Users/Groups to multiple-accounts.
So I'm asking if there is a way to assign Users/Groups to the whole Organizational Unit instead of selecting multiple-accounts each time we need to give access to a new employee/developer ?
Thanks alot
Peter
- Tags
- AWS IAM Identity CenterAWS Identity and Access ManagementAWS OrganizationsAWS Account ManagementSecurity, Identity, & Compliance
- Language
- English
- Newest
- Most votes
- Most comments
As far as I know, we can't specify OU to assign AWS accounts to Users/Groups. You would be able to easily implement it by AWS CLI or SDK.
If AWS CLI, the following commands help you. https://docs.aws.amazon.com/cli/latest/reference/organizations/list-accounts-for-parent.html https://docs.aws.amazon.com/cli/latest/reference/sso-admin/create-account-assignment.html
Possible with a little tweak using “ssoutil::SSO::AssignmentGroup” cloud formation macro from aws-sso-util
Relevant content
- asked 2 years ago
- asked 3 years ago
- asked 3 years ago
- asked 6 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 6 months ago
