Questions tagged [aws-sso]

In 2022, AWS Single Sign-On (AWS SSO) became AWS IAM Identity Center. As a result, please use the "aws-iam-identity-center" tag instead of the "aws-sso" tag on related posts.

78 questions
0 votes, 0 answers

AWS IAM Policy Condition with AWS SSO username

I have AWS SSO users with login like firstname.lastname. I would like to have a policy like this { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:SomeAction", "Resource": ["*"], …
Hugo
0 votes, 0 answers

AWS Cognito SAML - DEV, Stage server is Ok, But production server is not acting. ( Internal Server Error )

Hello Everybody, Currently, I've got a strange issue. I have developed the SAML SSO for AWS Cognito, and it works very well on DEV, STAGE server. But production server is not acting well. I made a SAMLResponse parameter and send it back to…
Mr. Lee
0 votes, 1 answer

Is there a way to have NPM CLI use custom protocols?

Is there a way to have the npm CLI use custom protocols? ... "dependencies": { ... "common-resource-1": "git+codecommit::us-east-1://common-resource-1#develop", "common-resource-2": "git+codecommit://common-resource-1#develop", …
user2517182
0 votes, 1 answer

AWS IAM External Identity Provider and MultiFactorAuthPresent condition

In IAM Trust Policy we can use the MultiFactorAuthPresent condition to enforce MFA to be enabled. However, does that condition work with an external Identity Provider? e.g. If I'm authenticated using Azure AD or Google Workspace, the authentication…
StarCub
0 votes, 1 answer

aws sso user can't use kms:GenerateDataKey

I have an SSO user; this user assumes a role that has these rights: { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketLocation", "s3:ListBucket", …
0 votes, 2 answers

AWS SSO/AWS Opensearch SAML integration

I have an implementation of AWS OpenSearch that I can access using a master password/user combination. Our AWS implementation uses AWS SSO to access accounts via the console. I have configured a custom SAML 2.0 application in AWS SSO and enabled…
Shaun
0 votes, 2 answers

AWS SSO integration with G suite

I want to make use of AWS SSO and integrate it to work with G suite. I followed the official blog post - https://aws.amazon.com/blogs/security/how-to-use-g-suite-as-external-identity-provider-aws-sso/ However, I'm unable to perform the user…
0 votes, 1 answer

How do I migrate existing AWS IAM users to AWS SSO cross-account?

Currently, I have a bunch of IAM users in another account (not tied to AWS SSO). I've recently started using AWS-SSO to manage multiple accounts and users. I found it very effective and easy to manage. Question: How can I move/migrate users from…
PiaklA
0 votes, 0 answers

AWS SSO with Sustainsys/Saml2

While configuring an AWS SSO SAML 2.0 application, by default it does not include any NameIdFormat, and if we go with this default metadata for our Service Provider, Sustainsys/Saml2 gives an error like below. Which configuration can we use to make it…
PradipB
0 votes, 1 answer

Federated Single Sign-On to AWS Using Google Apps

We have had everything working perfectly for the last couple of years, then all of a sudden in the last week we can't log into AWS using the Google SSO. We are setting up the roles for the users again (as per…
user3493508
0 votes, 1 answer

AWS SSO provision permission set automatically through cloudformation

I have created AWS SSO permission sets through CloudFormation and users are successfully assuming roles in downstream accounts. The issue I am seeing here is when a new change gets added to the code, let's say IAM inline policy gets edited with some…
0 votes, 1 answer

Unable to disable AWS Config recorder despite having Admin

"You do not have sufficient permissions to perform this action." That's the error message I get when trying to disable recording in AWS Config in the AWS Management console, but I have AdministratorAccess as my policy. The docs talk about granting…
Yann Stoneman
0 votes, 2 answers

AWS SSO - "Request nameID format does not match our record"

I'm trying to get a test app working with the AWS single sign-on service. When I hit the SSO login URL and enter my credentials, it logs in fine, but then Amazon displays the error: Request nameID format does not match our record My request…
Troy
0 votes, 1 answer

How to manage permissions sets effectively on AWS SSO

I'm currently working on an AWS SSO project. Important note: Currently AWS SSO does not support Custom Managed Policy. So basically I need a PowerUser profile but with some minor adjustments (such as removing some actions on GuardDuty for example) Will…
pida
0 votes, 1 answer

Is there a way to 'remove' some actions from a managed policy using another managed policy for AWS IAM

I'm currently working on IAM and Access and I'm switching from Roles to Permission Set (to use AWS SSO). I have many custom managed policies, that I can't use with Permission Sets now, so I'm using AWS managed policies such as: PowerUserAccess,…
pida