Migrate IAM Users to AWS SSO
Is there a way to migrate IAM Users to AWS SSO? So, I don't have to re-enter the users again.
I know I can list my users with the following command:
aws organizations list-accounts
It's not an easy task, you need to have a plan because it not just involves copy-and-paste the username, but also the permission configuration in your account (Otherwise, you'll just create a bunch of users without any permission).
- First, you need to gather the list of IAM users, and categorise them into groups according to their permission level.
- For every permission level, you need to create a permission set
- Create SSO users (Note that the information required is more than IAM users, you'll need the users' email address. So you can't simply copying the IAM username here)
- Create group and add the SSO users into them by the permission category you defined earlier
- Assign permission sets to different groups
Migrating to AWS SSO is not just a technical task but also an opportunity to review the access management of your organisation.
Reuse or link IAM users and groups from Management Account to a new AWS account / OUAccepted Answerasked 7 months ago
Manage identities in AWS SSO - how to create Users via CLI or API ?asked 7 months ago
Is it possible to give AWS SSO users Lake Formation data access?asked 7 months ago
How do I sign into re:Post using AWS SSO?Accepted Answerasked 7 months ago
Migrate IAM Users to AWS SSOasked 24 days ago
AWS Service Catalog. Grant SSO Users to the Portfolioasked 2 months ago
AWS SSO - Manage UsersAccepted Answerasked a month ago
Can I keep existing IAM users and add SSO to our accountsasked 2 years ago
How to use IAM users, groups and roles with SSOasked a month ago
Migrate existing SSO config to delegated AWS Accountasked 12 days ago