Identity Center use across Regions


Hi

I have a single AWS Account, with EC2 instances deployed in multiple Regions. I just set up IAM Identity Center in one Region using Azure AD as my Directory source. I set up one click login access to my EC2 instances via Fleet Manager as per the following post - https://aws.amazon.com/blogs/security/how-to-enable-secure-seamless-single-sign-on-to-amazon-ec2-windows-instances-with-aws-sso/.

This process worked in the home Region, and I was able to connect to an EC2 instance with my Azure AD Credentials. When I switch to another Region and click on Connect with Remote Desktop, I'm not provided with the SSO option.

While I can execute other functions in other Regions with my SSO account, is there a limitation in Fleet Manager where it doesn't recognise my SSO credentials?

Thanks, Mick

Mick S
asked 17 days ago, 40 views
1 Answer

Hello Mick,

The behaviour you have pointed out is an expected one. As you are trying to connect via RDP into instances using Fleet Manager's one-click authentication with SSO, the authentication will be done in the Region where IAM Identity Center (SSO) is enabled. Therefore, you will not be able to view the option to select the authentication type as SSO in the Regions where SSO was not enabled. On this note, please allow me to remind you that IAM Identity Center is only supported in one AWS Region at a time. [1]

If you're authenticated to the AWS Management Console using AWS IAM Identity Center, Fleet Manager integrates with AWS IAM Identity Center so you can connect to your instances without providing additional credentials. Fleet Manager supports AWS IAM Identity Center authenticated RDP connections in the same AWS Region where you enabled AWS IAM Identity Center. [2]

References

[1] AWS IAM Identity Center (successor to AWS Single Sign-On) Region availability - IAM Identity Center Region data - https://docs.aws.amazon.com/singlesignon/latest/userguide/regions.html#region-data

[2] Connect using Remote Desktop - https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-rdp.html

Divya_A
answered 15 days ago
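To make the constraint in the answer above checkable from the command line, here is an added example (not code from the re:Post thread or from AWS) that locates the Region hosting the IAM Identity Center instance via the `sso-admin` ListInstances API and predicts whether Fleet Manager's Identity Center RDP option can appear for an instance in a given Region. It assumes that ListInstances returns an empty `Instances` list in Regions where Identity Center is not enabled, and the `SAMPLE_RESPONSES` values, including the `ssoins-EXAMPLE` and `d-EXAMPLE` identifiers, are constructed placeholders in the shape boto3 returns.

```python
"""Locate the IAM Identity Center Region and predict where Fleet Manager's
Identity Center (SSO) RDP option is available. Added example, not from the
thread or AWS; SAMPLE_RESPONSES is constructed test data."""

from typing import Dict, List, Optional


def identity_center_region(list_instances_by_region: Dict[str, dict]) -> Optional[str]:
    """Return the Region whose sso-admin ListInstances response contains an
    Identity Center instance, or None if no Region reports one.

    Assumption: ListInstances in a Region without Identity Center returns an
    empty 'Instances' list rather than raising an error.
    """
    enabled = [region for region, resp in list_instances_by_region.items()
               if resp.get("Instances")]
    if len(enabled) > 1:
        # Identity Center is supported in one Region at a time; more than one
        # hit means the inventory data is inconsistent and should be investigated.
        raise ValueError(f"more than one Region reports an Identity Center instance: {enabled}")
    return enabled[0] if enabled else None


def sso_rdp_option_expected(instance_region: str, idc_region: Optional[str]) -> bool:
    """Fleet Manager offers Identity Center-authenticated RDP only in the Region
    where Identity Center is enabled, which is the limitation the answer describes."""
    return idc_region is not None and instance_region == idc_region


def collect_list_instances(regions: List[str]) -> Dict[str, dict]:
    """Live variant: call sso-admin ListInstances in each Region with boto3.
    Requires credentials allowed to perform sso:ListInstances; not exercised
    by the offline sample below."""
    import boto3  # local import keeps the offline helpers dependency-free
    results = {}
    for region in regions:
        client = boto3.client("sso-admin", region_name=region)
        results[region] = client.list_instances()
    return results


# Constructed sample responses (placeholder identifiers) in boto3's shape.
SAMPLE_RESPONSES = {
    "ap-southeast-2": {"Instances": [{"InstanceArn": "arn:aws:sso:::instance/ssoins-EXAMPLE",
                                       "IdentityStoreId": "d-EXAMPLE"}]},
    "us-east-1": {"Instances": []},
    "eu-west-1": {"Instances": []},
}

if __name__ == "__main__":
    idc = identity_center_region(SAMPLE_RESPONSES)
    print("Identity Center Region:", idc)
    for region in SAMPLE_RESPONSES:
        print(f"{region}: SSO RDP option expected = {sso_rdp_option_expected(region, idc)}")
```

Replace `SAMPLE_RESPONSES` with `collect_list_instances([...])` over the Regions where you run EC2 to get a live answer; any instance outside the reported Identity Center Region will not show the SSO option in Fleet Manager.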
