Very important to learn if you want to do anything significant with AWS within the ‘enterprise’.
AWS SSO > Azure AD login > AWS SSO account screen > role assumed via a permission set that grants the needed privileges in each account where access is required > RBAC / ABAC applied.
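The last step of that chain, ABAC applied through a permission set, is easier to see with a concrete policy. The block below is an added example, not code from the original post: it holds the inline policy one would attach to the permission set and a small evaluator that mirrors only this policy's tag-matching condition (it is not a general IAM engine). It assumes the Azure AD attribute for department is mapped in AWS SSO's attributes for access control to the session tag key `Department`, and that EC2 instances carry the same tag key.

```python
"""Added example: ABAC permission-set policy for AWS SSO federated to Azure AD.

Assumptions (not from the original post): Azure AD 'department' is mapped in
AWS SSO attributes for access control to session tag 'Department'; instances
are tagged with the same key.
"""
import json

# Inline policy for the permission set; tag key 'Department' is an assumption.
ABAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListForConsole",
            "Effect": "Allow",
            "Action": ["ec2:Describe*"],
            "Resource": "*",
        },
        {
            "Sid": "ManageOwnDepartmentInstances",
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": "arn:aws:ec2:*:*:instance/*",
            # Principal session tag must equal the resource tag.
            "Condition": {"StringEquals": {
                "aws:ResourceTag/Department": "${aws:PrincipalTag/Department}"}},
        },
    ],
}


def policy_json():
    """JSON form of the policy, as pasted into the permission set."""
    return json.dumps(ABAC_POLICY, indent=2)


def _action_matches(pattern, action):
    # Exact match or a trailing-'*' prefix match, as in IAM action patterns.
    return pattern == action or (pattern.endswith("*") and action.startswith(pattern[:-1]))


def _tag_condition_holds(key, value, principal_tags, resource_tags):
    # key is "aws:ResourceTag/<Tag>", value is "${aws:PrincipalTag/<Tag>}".
    resource_tag = key.split("/", 1)[1]
    principal_tag = value[len("${aws:PrincipalTag/"):-1]
    # A tag missing on either side never matches, so the request is denied.
    if principal_tag not in principal_tags or resource_tag not in resource_tags:
        return False
    return principal_tags[principal_tag] == resource_tags[resource_tag]


def evaluate(action, principal_tags, resource_tags):
    """Allow if some statement covers the action and its tag condition holds;
    otherwise IAM's implicit deny. Resource ARN matching is deliberately skipped."""
    for stmt in ABAC_POLICY["Statement"]:
        if not any(_action_matches(a, action) for a in stmt["Action"]):
            continue
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if all(_tag_condition_holds(k, v, principal_tags, resource_tags) for k, v in cond.items()):
            return True
    return False
```

The missing-tag case matters in practice: a user whose Azure AD attribute is empty, or an instance nobody tagged, silently falls into implicit deny rather than into some default department.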
While doing some research on this the other day, I found this Reddit post, which I thought was interesting.
Hi all, and sorry if this has already been asked, but right now my head is getting numb from all the things I've tried so far.
- AWS Organization with several accounts
- added an extra AWS account for users and enabled Azure SSO (not the single-account SSO)
- created several groups in AAD, assigned users; SCIM provisioning works fine
Is anyone else doing anything significant with Azure AD and AWS that ultimately ends up with ABAC being applied?