To configure access rights for AWS accounts within SSO groups based on job function, use the mapping in the table below and follow the steps after it:

Accounts | Groups | Job Function Policy |
---|---|---|
Management Account, shared-services, logging, security | AWS-Shared-Services-Admin; AWS-Security-Admin; AWS-Logging-Admin | AdministratorAccess |
Management Account, shared-services, logging, security | AWS-Shared-Services-Read-Only; AWS-Security-Read-Only; AWS-Logging-Read-Only | SecurityAudit |


1. Open the AWS SSO Console and navigate to the AWS accounts section in the left sidebar.
2. In the AWS organization tab, locate the list of AWS accounts. Choose one or more accounts to which you want to assign access (e.g., Management Account, shared-services, logging, and security), then click Assign users or groups.
3. Select the relevant groups and click Next.
4. Choose the desired Permission set.
5. Click Submit.
6. Repeat the same process for the Security Account:
   1. Select the groups and click Next.
   2. Choose the Permission set and click Next.
   3. Click Submit.

Congratulations! You have successfully configured AWS SSO access.
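
The same assignments can be written down as data and checked afterwards. The sketch below is an added example, not part of the original walkthrough: it expands the table into the individual account/group/permission-set assignments the console steps create, builds the arguments for boto3's `sso-admin` `create_account_assignment` call, and diffs an observed state against the table. The instance ARN, account IDs, group IDs and permission set ARNs are supplied by the caller, and `SAMPLE_ACTUAL` is constructed sample data.

```python
from itertools import product

# Account names, group names and permission sets exactly as in the table above.
ACCOUNTS = ["Management Account", "shared-services", "logging", "security"]
MATRIX = [
    (["AWS-Shared-Services-Admin", "AWS-Security-Admin", "AWS-Logging-Admin"],
     "AdministratorAccess"),
    (["AWS-Shared-Services-Read-Only", "AWS-Security-Read-Only",
      "AWS-Logging-Read-Only"], "SecurityAudit"),
]

def expected_assignments():
    """Expand each table row into (account, group, permission_set) triples:
    the cross product the console creates when several accounts and groups
    are selected together."""
    return {(acct, grp, ps)
            for groups, ps in MATRIX
            for acct, grp in product(ACCOUNTS, groups)}

def to_request(triple, instance_arn, account_ids, group_ids, ps_arns):
    """Build the keyword arguments for boto3's sso-admin
    create_account_assignment call. The lookup dicts are caller-supplied
    (assumption): name -> account ID, group ID, permission set ARN."""
    acct, grp, ps = triple
    return {
        "InstanceArn": instance_arn,
        "TargetId": account_ids[acct],
        "TargetType": "AWS_ACCOUNT",
        "PermissionSetArn": ps_arns[ps],
        "PrincipalType": "GROUP",
        "PrincipalId": group_ids[grp],
    }

def audit(actual):
    """Diff observed assignments against the table: 'missing' were never
    created, 'unexpected' grant access the table does not call for."""
    expected, actual = expected_assignments(), set(actual)
    return {"missing": sorted(expected - actual),
            "unexpected": sorted(actual - expected)}

# Constructed sample state: one read-only assignment was skipped and one
# read-only group was given AdministratorAccess by mistake.
SAMPLE_ACTUAL = (
    expected_assignments()
    - {("logging", "AWS-Logging-Read-Only", "SecurityAudit")}
) | {("security", "AWS-Logging-Read-Only", "AdministratorAccess")}
```

Running `audit` over assignments collected from the organization flags any group that ended up with a permission set other than the one the table gives it, which is the mistake most likely to slip through when groups and accounts are multi-selected in the console.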