AWS Single Sign-On | SSO Access to AWS Accounts Flashcards
Can I connect more than one directory to AWS SSO?
SSO Access to AWS Accounts
AWS Single Sign-On | Security, Identity & Compliance
No. At any given time, you can have only one directory connected to AWS SSO. But, you can change the directory that is connected to a different one.
Which AWS accounts can I connect to AWS SSO?
SSO Access to AWS Accounts
AWS Single Sign-On | Security, Identity & Compliance
You can add any AWS account managed using AWS Organizations to AWS SSO. You need to enable all features in your organizations to manage your accounts SSO.
How do I set up SSO to AWS accounts in an organizational unit (OU) within my organization?
SSO Access to AWS Accounts
AWS Single Sign-On | Security, Identity & Compliance
You can pick accounts within the organization or filter accounts by OU.
How do I control what permissions my users get when they use SSO to access their account ?
SSO Access to AWS Accounts
AWS Single Sign-On | Security, Identity & Compliance
When granting SSO access to your users, you can limit the users’ permissions by picking a permission set. Permission sets are a collection of permissions that you can create in AWS SSO, modelling them based on AWS managed policies for job functions or any AWS managed policies. AWS managed policies for job functions are designed to closely align to common job functions in the IT industry. If required, you can also fully customize the permission set to meet your security requirements. AWS SSO applies these permissions to the selected accounts automatically. As you change the permission sets, AWS SSO enables you to apply the changes to the relevant accounts easily. When your users access the accounts through the AWS SSO user portal, these permissions restrict what they can do within those accounts. You can also grant multiple permission sets to your users. When they access the account through the user portal, they can pick which permission set they want to assume for that session.
For which AWS accounts can I get AWS Command Line Interface (CLI) credentials?
You can get AWS CLI credentials for any AWS account and user permissions that your AWS SSO administrator has assigned to you. These CLI credentials can be used for programmatic access to the AWS account.
