Account level IAM vs IAM Identity Center

0

We have multiple AWS Accounts that all have their own individual IAM Users/Groups and permissions. These are all from acquisitions. We've created an AWS Organization and enabled all features.

My question is, when we add an external IDP for SSO, will the Users/Groups at the Account level IAM remain intact? Based on the documentation I believe they will, and at this point we can start migrating the Users/Groups out of the Account level IAM and into the Org level SSO?

Some of these accounts are critical and I just want to be really clear before I potentially make a huge mistake.

1 Answer
1
Accepted Answer

Correct, when you enable AWS IAM Identity Center (formerly SSO), nothing happens to your existing IAM users, groups, roles or policies in the accounts. You can continue to use them in parallel with SSO.

See this previously answered question: https://repost.aws/questions/QUfNomVCt5TCiac7oQoT8n0A/can-i-keep-existing-iam-users-and-add-sso-to-our-accounts

Matt-B (AWS, Expert)
answered 2 years ago
Reviewed by an Expert 14 days ago
Reviewed by an Expert 10 months ago
