Migrate IAM Users to AWS SSO
0
Hello everyone,
Is there a way to migrate IAM Users to AWS SSO? So, I don't have to re-enter the users again.
I know I can list my users with the following command: aws organizations list-accounts
Cheers Edu
asked 24 days ago61 views
1 Answers
1
It's not an easy task, you need to have a plan because it not just involves copy-and-paste the username, but also the permission configuration in your account (Otherwise, you'll just create a bunch of users without any permission).
- First, you need to gather the list of IAM users, and categorise them into groups according to their permission level.
- For every permission level, you need to create a permission set
- Create SSO users (Note that the information required is more than IAM users, you'll need the users' email address. So you can't simply copying the IAM username here)
- Create group and add the SSO users into them by the permission category you defined earlier
- Assign permission sets to different groups
Migrating to AWS SSO is not just a technical task but also an opportunity to review the access management of your organisation.
answered 24 days ago
Relevant questions
Reuse or link IAM users and groups from Management Account to a new AWS account / OU
Accepted Answerasked 7 months agoManage identities in AWS SSO - how to create Users via CLI or API ?
asked 7 months agoIs it possible to give AWS SSO users Lake Formation data access?
asked 7 months agoHow do I sign into re:Post using AWS SSO?
Accepted Answerasked 7 months agoMigrate IAM Users to AWS SSO
asked 24 days agoAWS Service Catalog. Grant SSO Users to the Portfolio
asked 2 months agoAWS SSO - Manage Users
Accepted Answerasked a month agoCan I keep existing IAM users and add SSO to our accounts
asked 2 years agoHow to use IAM users, groups and roles with SSO
asked a month agoMigrate existing SSO config to delegated AWS Account
asked 12 days ago