Azure Active Directory (Azure AD) integration with AWS can be done regardless of the regions where your AWS resources and users are located. AWS's IAM Identity Provider (IdP) and its SAML metadata are not region-specific. The IAM service, and thus IAM roles and Identity Providers, are global and not tied to a specific region.
You can check this at this link:
https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/global-services.html
Azure AD side: Create a new non-gallery application in Azure AD, you may name it AWS SSO. In the AWS SSO app, go to Single sign-on and select SAML. You will see a section called SAML Signing Certificate. Download the Federation Metadata XML from there.
AWS IAM side: In the IAM console, go to Identity Providers, and choose Create Provider. For Provider Type, choose SAML. For Provider Name, you might choose AzureAD. For Metadata Document, upload the Federation Metadata XML you downloaded from Azure AD.
Map AWS Roles to Azure AD users or groups: In the Azure AD console, under the AWS SSO app, go to Users and groups and add the users or groups that you want to have access to AWS console. Then, in the Single sign-on section, under User Attributes & Claims, you can map Azure AD user attributes to AWS roles.
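Added example (not part of the answer above, and not AWS or Azure code): it checks that the downloaded Federation Metadata XML carries the entityID and signing certificate IAM needs, then builds the trust policy for a role that only the AzureAD provider may assume for the console audience, and the value the Azure AD Role claim must carry for the attribute mapping. The account ID, role name and metadata document are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"  # SAML:aud value for AWS console sign-in

# Constructed sample of an Azure AD Federation Metadata XML, trimmed to the parts IAM relies on.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC-constructed-placeholder</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def inspect_metadata(xml_text):
    """Return (entityID, signing-cert count); raise if the document cannot serve as an IAM IdP."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("metadata has no entityID; IAM matches it against the SAML issuer")
    certs = [kd for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")  # no 'use' means the key serves both purposes
             and kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None]
    if not certs:
        raise ValueError("metadata has no signing certificate; IAM cannot verify assertions")
    return entity_id, len(certs)

def role_trust_policy(account_id, provider_name):
    """Trust policy: only the named SAML provider may assume the role, and only for the console audience."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}}}]}

def role_claim_value(account_id, role_name, provider_name):
    """Value for the https://aws.amazon.com/SAML/Attributes/Role claim: 'role ARN,provider ARN'."""
    return (f"arn:aws:iam::{account_id}:role/{role_name},"
            f"arn:aws:iam::{account_id}:saml-provider/{provider_name}")

if __name__ == "__main__":
    print(inspect_metadata(SAMPLE_METADATA))
    print(role_claim_value("123456789012", "AzureADAdmin", "AzureAD"))
```

The SAML:aud condition is what stops an assertion issued for some other service principal from being replayed against the role, so keep it in the trust policy even when the provider ARN already limits who may assume.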