How To Manage Users On AWS Environment
AWS Single Sign-On (AWS SSO) is a cloud service that lets you give your users access to AWS resources, such as Amazon EC2 instances, across multiple AWS accounts. AWS SSO now includes a directory in which you can create users, organize them into groups, and assign access to those groups. You can also grant the users you create in AWS SSO access to business applications such as Salesforce, Box, and Office 365. AWS SSO and its directory are available at no additional cost.
A directory is the component that lets you manage which users have access to AWS resources and applications. Within a single AWS account, AWS Identity and Access Management (IAM) lets you create users who can access that account's resources. Many enterprises, however, prefer an approach in which users log in with a single set of credentials and then access multiple AWS accounts and applications. Users can now be created and managed centrally in AWS SSO for all of your AWS accounts and applications. Your users log in to a user portal with a single set of AWS SSO credentials, which gives them access to all of their assigned accounts and applications.
Step 1: Create AWS SSO users and groups.
Go to the AWS SSO Console to add users to AWS SSO. Then, under AWS SSO, add Martha as a user, create a Developers group, and add Martha to the Developers group by following the procedures below.
Step 2: Set up permissions.
To give users access to AWS resources, you must create permission sets. A permission set is a collection of policies, defined by an administrator, that AWS SSO uses to determine a user's permissions in a particular AWS account. Permission sets can include AWS managed policies or custom policies stored in AWS SSO. Each statement in a policy represents an individual access control (Allow or Deny) for particular actions on particular resources.
Step 3: Assign accounts and permission sets to groups.
In this step, you'll give your Developers group full access to Amazon EC2 and Amazon S3 in the developer accounts, and read-only access to the same services in the production accounts. You do this by assigning the Developers group the EC2AndS3FullAccess permission set in the two developer accounts (DevAccount1 and DevAccount2).
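As an added example (not part of the original article), the policy documents below sketch what the EC2AndS3FullAccess permission set from Step 2 and a read-only counterpart for the production accounts might contain, and apply a simplified evaluation of their Allow/Deny statements to the assignments from Step 3. The policy contents, the ProdAccount1 name and the evaluation logic are assumptions; real IAM evaluation also considers Resource and Condition elements.

```python
import fnmatch

# Constructed policy documents (assumptions, not the article's): the permission
# set assigned in the developer accounts, and a read-only one for production.
EC2_AND_S3_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}],
}
EC2_AND_S3_READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "s3:Get*", "s3:List*"],
         "Resource": "*"},
        # An explicit Deny wins over any Allow, so destructive calls stay blocked
        # even if a broader Allow is added to this permission set later.
        {"Effect": "Deny", "Action": ["ec2:Terminate*", "s3:Delete*"], "Resource": "*"},
    ],
}
# Permission set held by the Developers group per account (ProdAccount1 is constructed).
DEVELOPERS_ASSIGNMENTS = {
    "DevAccount1": EC2_AND_S3_FULL_ACCESS,
    "DevAccount2": EC2_AND_S3_FULL_ACCESS,
    "ProdAccount1": EC2_AND_S3_READ_ONLY,
}

def _matches(patterns, action):
    """IAM action names are case-insensitive and may contain '*' wildcards."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def is_allowed(policy, action):
    """Simplified IAM evaluation: an explicit Deny always wins, otherwise some
    Allow must match, otherwise the action is implicitly denied. Resource and
    Condition elements are ignored in this simplification."""
    allowed = False
    for statement in policy["Statement"]:
        if _matches(statement["Action"], action):
            if statement["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def developers_can(account, action):
    """Whether a Developers group member may call `action` in `account`."""
    policy = DEVELOPERS_ASSIGNMENTS.get(account)
    if policy is None:
        return False  # no assignment in that account means no access at all
    return is_allowed(policy, action)
```

A member of the Developers group can terminate instances in DevAccount1 but only describe them in ProdAccount1, and has no access at all in an account where the group holds no assignment.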
Step 4: Users log in to the User Portal to gain access to their accounts.
Your users can now manage resources in their assigned AWS accounts by logging in to the AWS SSO User Portal. Through the user portal, a single sign-on gives them access to all of their assigned accounts and business applications. To work in one of several AWS accounts, a user chooses the AWS account icon in the portal and then selects the account they want to access.
Individuals or entities with access to your directory are referred to as users. Groups are very handy for granting or denying privileges to sets of users instead of applying rights to each user individually. When a user moves to a different organization, you move them to a different group, and they automatically receive the privileges that the new organization requires.
To create users and groups in an AWS Directory Service directory, you must use an instance (on-premises or EC2) that has been joined to that directory and be logged in as a user with privileges to create users and groups. You'll also need to get the Active Dire software.