AWS SSO - what OU/account to use?

0

Hi,

We have a greenfield environment and I am looking at the best way to set up AWS Organization and underlying OUs with accounts. We also use SSO. According to https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/organizing-your-aws-environment.pdf#benefits-of-using-multiple-aws-accounts, we should only have any services in management account. I am trying to figure out which OU/account SSO should go to according to that document. Should it go to Shared Infra? Or are there any limitations that I should know of and SSO must be part of Management account?

1 Answer
1

The easiest way to set up the landing zone is to use Control Tower. The only caveat with SSO is that you need to deploy CT in the management account in the same region where the existing SSO is deployed. Control Tower won't change the existing SSO. SSO will live in the management account and is not considered a "workload".

answered 2 months ago
