Amazon AWS Identity Management
First Time Setup from Root Account
Use case: A new account or organization is setting up users to use AWS resources and single sign-on (SSO) with the AWS CLI. New users need to be created and managed with least privilege.
Follow "Get started with common tasks in IAM Identity Center", with these high-level steps:
- Enable the IAM Identity Center, for example at https://ca-central-1.console.aws.amazon.com/singlesignon/home?region=ca-central-1&tab=management#!/
  - Recommended: enable with AWS Organizations
  - Keep using the existing default directory
- Configure MFA and require it always for all users
- Create users and assign them the appropriate access
  - Create a user and a group
  - Assign permissions to the group, for example PowerUserAccess for a developers group
- Have users sign in to the AWS access portal; they can then configure SSO for the CLI
  - Get access keys from the AWS access portal and use the AWS CLI command `aws configure sso` to log in
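
A check to run once users have configured SSO for the CLI, as an added example that is not from the original page: it parses an AWS CLI config file and flags profiles that still hold static access keys or have incomplete SSO settings. It assumes the `sso-session` profile format; the session name, start URL, account ID and profile names are constructed placeholders.

```python
import configparser

# Constructed sample ~/.aws/config. Session name, start URL, account ID and
# profile names are placeholders (assumptions), not values from this page.
SAMPLE_CONFIG = """
[sso-session my-org]
sso_start_url = https://example.awsapps.com/start
sso_region = ca-central-1

[profile dev]
sso_session = my-org
sso_account_id = 111122223333
sso_role_name = PowerUserAccess

[profile legacy-ci]
aws_access_key_id = EXAMPLE-PLACEHOLDER-KEY-ID
aws_secret_access_key = example-placeholder-secret

[profile typo]
sso_session = my-orgg
sso_account_id = 111122223333
"""

SSO_KEYS = ("sso_session", "sso_account_id", "sso_role_name")


def audit_aws_config(text):
    """Return {profile: [findings]} for profiles that are not clean SSO profiles."""
    cp = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    cp.read_string(text)
    sessions = {s.split(None, 1)[1] for s in cp.sections() if s.startswith("sso-session ")}
    report = {}
    for section in cp.sections():
        if section != "default" and not section.startswith("profile "):
            continue  # skip [sso-session ...] and other non-profile sections
        name = section.split(None, 1)[-1]
        opts, issues = cp[section], []
        if "aws_access_key_id" in opts or "aws_secret_access_key" in opts:
            issues.append("static access key in profile")
        missing = [k for k in SSO_KEYS if k not in opts]
        if missing:
            issues.append("missing " + ", ".join(missing))
        if "sso_session" in opts and opts["sso_session"] not in sessions:
            issues.append("undefined sso-session " + opts["sso_session"])
        if issues:
            report[name] = issues
    return report

if __name__ == "__main__":
    print(audit_aws_config(SAMPLE_CONFIG))
```

To audit a real machine, pass the contents of `~/.aws/config` instead of `SAMPLE_CONFIG`; static keys stored in `~/.aws/credentials` use a different section naming and are not covered by this check.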