Migrate IAM Users to AWS SSO


Hello everyone, Is there a way to migrate IAM Users to AWS SSO? So, I don't have to re-enter the users again. I know I can list my users with the following command: aws organizations list-accounts

Cheers Edu

asked 2 years ago2575 views
1 Answer

It's not an easy task, you need to have a plan because it not just involves copy-and-paste the username, but also the permission configuration in your account (Otherwise, you'll just create a bunch of users without any permission).

  1. First, you need to gather the list of IAM users, and categorise them into groups according to their permission level.
  2. For every permission level, you need to create a permission set
  3. Create SSO users (Note that the information required is more than IAM users, you'll need the users' email address. So you can't simply copying the IAM username here)
  4. Create group and add the SSO users into them by the permission category you defined earlier
  5. Assign permission sets to different groups

Migrating to AWS SSO is not just a technical task but also an opportunity to review the access management of your organisation.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions