Will AWS SSO conflict with IAM ID provider?

Question

Hi -  
I already have a few AWS accounts that use IAM and a SAML identity provider (Azure AD).  I'd like to start implementing AWS SSO, but I want to make sure that it will not conflict with my existing integrations with IAM and federations.  Can anyone comment on that?  
  
Thanks  
  
Al

Accepted Answer

Hi Al,  
  
If you start using SSO your existing integrations with IAM will not be impacted.   
  
When you use SSO a new IdP(Identity provider) with the name format: "AWSSSO_e1234a56b0b90f8b_DO_NOT_DELETE" is created.  
  
After this when you create permission sets and assign them to user, the roles corresponding to these permission sets are then created in IAM with the following name format:-  
This role was created for the permission set name: AdministratorAccess= "AWSReservedSSO_AdministratorAccess_e12a34c56dfb478a"   
  
These roles then have a trust relationship policy which trust the Identity provider created by SSO.   
  
I hope this answers your query.

Will AWS SSO conflict with IAM ID provider?

相关内容