IAM Identity Center is the AWS service for connecting your workforce users to AWS accounts and AWS managed applications.
Identity Center permission sets are essentially templates of IAM roles that get provisioned in a member account. When you assign a permission set to an account, the role is created in that account and a trust policy that handles the federation is configured automatically.
It also supports single sign-on (SSO), and you can integrate a third-party identity provider such as Azure Active Directory (AAD) with it.
Getting Started:
First, sign in to the account console at https://Account_Number.signin.aws.amazon.com/console (replace Account_Number with your AWS account ID).
Then search for IAM Identity Center and press Enable. You can enable it in whichever region you prefer.
N.B.: Even after enabling IAM Identity Center, you can still sign in to a specific account's console the way you did before, i.e. via https://Account_Number.signin.aws.amazon.com/console, but for that you need an IAM role in that account or the root account credentials.
After enabling it, you will see a success message.
Now edit the instance name, since it is what users will see when they sign in through the AWS access portal.
If you want to customize your access portal URL and hand that URL to your users, go to the Dashboard.
The link will then look like https://mizanzone.awsapps.com/start, and after login we can see the Mizan tech account entry for that specific account.
Permission & Others:
You need to create permission sets. There are some predefined sets, like the ones below:
Here, "session" means the AWS access portal session after login.
Relay state: not needed right now (it redirects the user to the URL set in this field after sign-in).
You can also create custom permission sets there, for example EC2-admin only or S3-access only, as your requirements dictate.
Next you create groups and add users to those groups.
Now we create users and assign them to the required groups. Create users using their company e-mail addresses, so that everyone can use their e-mail as their username.
After creating IAM Identity Center, the root user creates another user to work alongside them in the same account or in Identity Center.
N.B.: You can add multiple AWS accounts under the same organization; you just need to send an invite from the AWS Organizations page. After that, all the accounts are listed under IAM Identity Center > AWS accounts.
You then need to assign permission sets and groups to the accounts in that AWS organization. Only the groups and permission sets that are assigned to an AWS account can access that account, and only with those permissions.
When there are multiple accounts, all of them are listed there.
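The permission-set, group, user and account-assignment steps above, expressed as Terraform using the AWS provider (an added example, not from the original post). It assumes Identity Center is already enabled; the permission set name S3-ReadOnly, the group S3-Readers, the user alice@example.com and the account ID 123456789012 are placeholders.

```hcl
data "aws_ssoadmin_instances" "this" {}            # Identity Center already enabled
locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
}
# Custom permission set: the IAM role template provisioned in every assigned account.
resource "aws_ssoadmin_permission_set" "s3_read" {
  name             = "S3-ReadOnly"   # placeholder name
  instance_arn     = local.instance_arn
  session_duration = "PT4H"          # ISO 8601 duration of the role session
  relay_state      = "https://s3.console.aws.amazon.com/s3/home"  # optional landing page
}

# Scope the set with an AWS managed policy (read-only S3) rather than AdministratorAccess.
resource "aws_ssoadmin_managed_policy_attachment" "s3_read" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.s3_read.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
}

# Group in the Identity Center identity store; assignments target the group, not users.
resource "aws_identitystore_group" "s3_readers" {
  identity_store_id = local.identity_store_id
  display_name      = "S3-Readers"   # placeholder group name
}

# User whose user name is their company e-mail address (placeholder values).
resource "aws_identitystore_user" "alice" {
  identity_store_id = local.identity_store_id
  user_name         = "alice@example.com"
  display_name      = "Alice Example"
  name {
    given_name  = "Alice"
    family_name = "Example"
  }
}
resource "aws_identitystore_group_membership" "alice_s3" {
  identity_store_id = local.identity_store_id
  group_id          = aws_identitystore_group.s3_readers.group_id
  member_id         = aws_identitystore_user.alice.user_id
}
# Assign group + permission set to one member account of the organization.
resource "aws_ssoadmin_account_assignment" "s3_readers" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.s3_read.arn
  principal_type     = "GROUP"
  principal_id       = aws_identitystore_group.s3_readers.group_id
  target_type        = "AWS_ACCOUNT"
  target_id          = "123456789012"  # placeholder account ID
}
```

After `terraform apply`, the user signs in at the access portal and sees only the S3-ReadOnly role for account 123456789012, which is the least-privilege effect of assigning a narrow permission set to a group.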
Now we use the access portal URL [https://mizanzone.awsapps.com/start/], and after login we get a view like this: