AWS SSO
💡 Definition
AWS Single Sign-On (SSO) is a cloud-based SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications. It simplifies the process of managing user access to AWS.
🔑 Key Concepts
- Centralized Access: Provides a single sign-in experience for users across all their assigned AWS accounts and business applications.
- User Management: You can create and manage users and groups directly in AWS SSO, or connect to an external identity source (e.g., Active Directory, Azure AD).
- Permission Sets: Defines the level of access users have to AWS accounts.
- Integration with AWS Organizations: Works best when integrated with AWS Organizations to manage access across multiple accounts.
⚙️ How it Works
- Enable SSO: Enable AWS SSO in the AWS Organizations master account.
- Connect Identity Source: Configure users directly in SSO or link to an external directory.
- Assign Users/Groups: Grant users or groups access to specific AWS accounts with defined permission sets.
- User Login: Users log in once to the AWS SSO user portal and can then access all assigned AWS accounts and applications.
🎯 Use Cases
- Streamlined Access: Simplifying user access to multiple AWS accounts (e.g., Dev, Test, Prod).
- Compliance: Centralizing access management for audit purposes.
- Third-Party Apps: Providing SSO access to SaaS applications outside of AWS.
💰 Pricing Model
- AWS SSO itself is free. You only pay for the underlying AWS resources (e.g., AWS Organizations) or external identity sources that you use with SSO.
📝 Exam Tips (CLF-C02)
- Simplifies managing access to multiple AWS accounts.
- Provides a single sign-in portal for users.
- Integrates with AWS Organizations.
- A centralized approach to identity and access management beyond just IAM.
See Also: * IAM * AWS Organizations