Are sso-directory role permissions used for anything still?

Question

Are "sso-directory" role permissions used for anything still? From what I see the Identity Store has taken over the SSO directory's role and there are separate "identitystore" role permissions. Are they roughly equivalent?

Answer

`sso-directory` is the services prefix for the AWS IAM identity Center directory (successor to AWS Single Sign-On directory or AWS SSO directory) 
, while `identitystore` is the services prefix for the AWS Identity Store (legacy term: AWS SSO store or AWS SSO identity store).

So both exist, but are used for different things.

To give an example:   
* `identitystore:CreateGroup` would grant permission to create a group in the specified IdentityStore
* `sso-directory:CreateGroup` would grant permission to create a group in the directory that AWS IAM Identity Center provides by default

Are sso-directory role permissions used for anything still?

相关内容