Questions tagged [aws-sso]

In 2022, AWS Single Sign-On (AWS SSO) became AWS IAM Identity Center. As a result, please use the "aws-iam-identity-center" tag instead of the "aws-sso" tag on related posts.

78 questions
12 votes, 4 answers

AWS SSO login to credentials as environment variables

Given that logging in with aws login sso is successful. Successfully logged into Start URL: ***** From here I want to start my service that requires the following environment variables with AWS credentials to be…
9 votes, 3 answers

Disable programmatic access for AWS SSO user

Is there a way to disable programmatic access for users signing in using AWS SSO? Is it possible to control the programmatic and console access using policies or Groups?
George Jose
6 votes, 3 answers

aws eks and aws sso RBAC authentication problem

I have created a fresh AWS SSO (used internal IDP as identity source, so no use of Active Directory). I am able to login to AWS CLI, AWS GUI, but unable to perform any kubectl ops. error: You must be logged in to the server (Unauthorized) This has…
DmitrySemenov
5 votes, 2 answers

How to configure aws sso for terraform?

I have been using aws as cloud service and terraform as IaC. It's very annoying to copy paste the credentials frequently. Is there any solution available for that or any work around other to use aws sso?
Aman
4 votes, 1 answer

How to create AWS Console Deeplinks behind IAM Identity Center login?

When managing access to multiple accounts via IAM Identity Center, the AWS Access Portal provides clickable links for each of the available Roles/PermissionSets in those accounts. However, the console always loads to the main page. Is there a way to…
scubbo
4 votes, 2 answers

How to remove a permission set for a User in IAM Identity Center

I have a highly multi-account environment and Users that are assigned multiple permission sets per account. e.g. Bob has both Administrator and ReadOnly for Test and Prod accounts. Say I want to only remove Bob's Administrator access for the Prod…
4 votes, 3 answers

Allow user to assume an IAM role with SSO login

I am trying to allow a user to assume a role on AWS. I attached an assume role policy to a group where the IAM user belongs so that they can assume a particular role. The problem is that the user now uses SSO to login and is no longer allowed to…
4 votes, 2 answers

Is there a way to provision aws sso users via cloudformation/cdk?

Looking at this guide: https://aws.amazon.com/blogs/security/use-new-account-assignment-apis-for-aws-sso-to-automate-multi-account-access/ It only shows how to assign permission sets to already existing users. Also looking at the cloudformation…
froi
4 votes, 2 answers

How is the AWS SSO url generated when you access the management console?

When you login via SSO in the browser, if you open one of your accounts and then assume a role, a new tab is opened after you click on "Management console". The syntax of the url of that link is something like https:/…
4 votes, 1 answer

Okta vs AWS SSO comparison as an SSO solution

Which is the best option for SSO implementation AWS SSO Vs Okta? I'm specifically looking for the advantages and disadvantages of each service to identify the best suitability for my system. These considerations have the most…
4 votes, 2 answers

Can I obtain credentials for aws account using sso at the command line without a browser

I am currently using the awscli version 2 to obtain temporary credentials at the command line. This seems to require a browser to be involved. This will not work everywhere like on a server for example. I would like to be able to obtain temporary…
Vish
3 votes, 2 answers

What happens to existing AWS IAM users when enabling IAM Identity Center?

I want to enable IAM Identity Center and configure an external IdP for an existing AWS account. This AWS account already has users, created with IAM. What happens to these users? I'm especially worried about users used by my application to, for…
3 votes, 0 answers

Can we Delete or Disable the AWS SSO admins created by AWS Control Tower Account Factory?

We are using Federation & Role-switching and have no current need to use the SSO admin users which are necessarily created via Account Factory. Ideally, we'd like to delete them, but I worry about Control Tower drift. I would also consider…
3 votes, 1 answer

AWS PowerShell customize SSO Callback: There is no Runspace available to run scripts in this thread

I'm using the PowerShell (v7) script below to customize AWS SSO Login Flow. It's based on a working .net implementation: $ErrorActionPreference = "Stop" Import-Module -Name "AWSPowerShell.NetCore" $profileName = "my-sso-profile" $chain =…
Philip Pittle
2 votes, 2 answers

How can I query UserId for AWS SSO Users using Boto3

How can I get UserId for AWS SSO Users using Boto3? I wanted to use it to assign permissions to a user for a specific aws account using below code, however, this requires PrincipalId which is some 16-20 digit number associated with each user and is…
Ranopriyo Neogy