Differences

This shows you the differences between two versions of the page.

--- cloud:aws:iam [2023/10/20 11:42] – skipidar
+++ cloud:aws:iam [2023/11/01 07:13] (current) – ↷ Page moved from business_process_management:camunda:cloud:aws:iam to cloud:aws:iam skipidar
@@ Line 36: / Line 36: @@
 where you can pick the "myssoportal" freely.
+=== SSO from a CMD / Shell ===
 When the setup is done \\
@@ Line 56: / Line 58: @@
 </code>
-You will be redirected to the SSO page
+After the login with your global user (which you manage in your IAM identity center https://aws.amazon.com/iam/identity-center/) \\
+you will be redirected to the SSO page
 {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/DMWBdCy4ii.png?600x250}}
+From where you can approve the request:
+{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/gdnlKAhViU.png?550x250}}
 Dont forget to log out:
@@ Line 67: / Line 74: @@
+=== SSO to AWS management console ===
+To SSO into the AWS console - your also can navigate directly to \\
+and pick one of the available role to SSO into the AWS management console.
-== Setting it up ==
+{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/DMWBdCy4ii.png?600x250}}
+==== Setting up SSO via "identity portal" ====
 As in https://medium.com/@pushkarjoshi0410/how-to-set-up-aws-cli-with-aws-single-sign-on-sso-acf4dd88e056
@@ Line 125: / Line 139: @@
 sso_account_id = 36********63
 output = json
-sso_session = mysso
 sso_role_name = Admin-NoIAM-NoBilling
 </code>
+== Provisioning the permission sets ==
+Newly defined permission sets remain in the "not provisioned" state.
+{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/FCrkJqPZXz.png?475x141}}
+To become available anywhere - they must be explicitly assigned to an account.
+{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/INbUFPxaxf.png?475x141}}
+{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/0sSljOCYoC.png?475x141}}
+{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/kx8vD6eKyB.png?475x141}}
+Only then the permission sets become "provisioned"
+{{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/d8Eub00GLN.png?475x141}}