AWS SSO Current Account Name

2

When I use AWS SSO to switch to an AWS account, I am able to see only my user name and the current assumed role in the account (AWSPowerUserAccess/martin@example.com), but I don't see the account name or account alias name. So I am not able to simply verify which account I have switched to: is it production, is it development? If I want to check the current account, I have to go to the IAM Console and check its alias (if I have the required permissions) or I have to go to the SSO index and switch to the desired account again. Is it possible to configure SSO to show the account name together with the user and role in the navigation bar?

We were previously using role switching, where we were able to use Display Name for the account. Thanks.

  • Running into exactly the same problem: before editing something in a test account I have to check twice that I am not changing production. This costs a lot of time.

1 Answer
1

Hey there,

When setting 'Display Name' while switching role, what you're actually doing is setting the value for 'RoleSessionName'. When you assume a role through federation, this value is set for you by the federation broker.

E.g. In a traditional AD FS federation scenario, AD FS would set this for you via Claim Rules that your AD FS administrator would configure.

AWS SSO sets this value for 'RoleSessionName' and at this point in time, you cannot alter the value. The value is a combination of the name of the IAM Role being assumed, and the value of the email attribute of the directory user assuming the role.

Some suggestions on working around this would be to:

  • Use the drop-down to the top-right of the Management Console (where you see the RoleSessionName) and you will see the Account Number. If you have the numbers & name combinations documented, then that could work.
  • You could grant users very minor access to the Account Info page. Just enough to see the Account Name.
  • Or as you mentioned, just simply have users check the account number of the account that they're in against the account number & account name that they can see in the AWS SSO 'My Apps' page.
answered 4 months ago
  • Hello Ciaran, thanks for the answer. We are currently using a combination of all three possibilities you've mentioned. We also try to automate as much as possible to reduce the need for manual work in the AWS console. But we still need to be able to work in the AWS console in cases like incident response, and in that situation it would be really helpful to always see the name of the account in which I am currently working, which would fit perfectly in the navigation bar together with the current assumed role and email. Can I submit it somewhere as a feature request?

  • Hi @Ciaran Carragher, could you please explain more how you would achieve the second point, where can I find the account name?
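
For scripted work, the first workaround in the answer (documented account number and name combinations) can be turned into a pre-flight check. The following is an added example, not part of the original thread: it labels the output of `aws sts get-caller-identity` with the documented account name and refuses to continue in an unexpected or undocumented account. The account IDs, account names, and the function names `describe_identity` and `require_environment` are assumptions made for illustration.

```python
import re

# Constructed "number & name" list (account IDs are made up for this example).
ACCOUNTS = {
    "111111111111": ("acme-prod", "production"),
    "222222222222": ("acme-dev", "development"),
}
# arn:<partition>:sts::<account>:assumed-role/<role>/<RoleSessionName>
ARN_RE = re.compile(r"^arn:aws[a-z-]*:sts::(?P<account>\d{12}):assumed-role/"
                    r"(?P<role>[^/]+)/(?P<session>.+)$")
# Roles provisioned by AWS SSO are named AWSReservedSSO_<PermissionSet>_<suffix>.
SSO_ROLE_RE = re.compile(r"^AWSReservedSSO_(?P<pset>.+)_[0-9a-f]+$")


def describe_identity(identity, accounts=ACCOUNTS):
    """Label the output of `aws sts get-caller-identity` with the account name."""
    m = ARN_RE.match(identity["Arn"])
    if not m:
        raise ValueError("not an assumed-role session: " + identity["Arn"])
    if m["account"] != identity["Account"]:
        raise ValueError("Account field and ARN disagree")
    if m["account"] not in accounts:
        # Fail closed: an undocumented account is never assumed to be safe.
        raise LookupError("account %s is not documented" % m["account"])
    name, env = accounts[m["account"]]
    sso = SSO_ROLE_RE.match(m["role"])
    return {"account_id": m["account"], "account_name": name, "environment": env,
            "role": sso["pset"] if sso else m["role"], "session": m["session"]}


def require_environment(identity, expected, accounts=ACCOUNTS):
    """Return a session label, or raise if the session is in another environment."""
    info = describe_identity(identity, accounts)
    if info["environment"] != expected:
        raise PermissionError("in %s (%s), expected %s"
                              % (info["account_name"], info["environment"], expected))
    return "%s [%s] %s/%s" % (info["account_name"], info["account_id"],
                              info["role"], info["session"])


# Constructed sample with the fields used from `aws sts get-caller-identity`.
SAMPLE = {
    "Account": "222222222222",
    "Arn": "arn:aws:sts::222222222222:assumed-role/"
           "AWSReservedSSO_AWSPowerUserAccess_0123456789abcdef/martin@example.com",
}

if __name__ == "__main__":
    print(require_environment(SAMPLE, "development"))
```

In real use, the `identity` dictionary would be the parsed JSON output of `aws sts get-caller-identity`, and the mapping would come from wherever the account list is documented.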
