Assign permissions
Assign Access Rights to Users and Groups
To configure access rights for AWS accounts within SSO groups based on specific job functionalities, follow the steps below:
Account and Group Configuration
| Accounts | Groups | Job Function Policy |
|---|---|---|
| Management Account, shared-services, logging,security | AWS-Shared-Services-Admin; AWS-Security-Admin; AWS-Logging-Admin | AdministratorAccess |
| Management Account, shared-services, logging, security | AWS-Shared-Services-Read-Only; AWS-Security-Read-Only; AWS-Logging-Read-Only | SecurityAudit |
Instructions
-
Open the AWS SSO Console and navigate to the AWS accounts section in the left sidebar.
-
In the AWS organization tab, locate the list of AWS accounts. Choose one or more accounts to which you want to assign access (e.g., Management Account, shared-services, logging, and security). Then click on Assign users or groups.
-
Select the relevant groups and click Next.
-
Choose the desired Permission set.
-
Click Submit.
-
Repeat the same process for the Security Account.
-
Select the groups and click Next.
-
Choose the Permission set and click Next.
-
Click Submit.
-
Congratulations! You have successfully configured AWS SSO access.
