Voiced by Amazon Polly
AWS control tower is a way to set up the multi-account and govern them, which follows best practices. It organizes several AWS services like AWS organization, AWS IAM identity center, and AWS service catalog to build a landing zone, in less than an hour, and all the resources are managed on the user’s behalf.
AWS Control Tower provides control to the high-level rule with ongoing governance for the AWS environment. There are two kinds of control: preventive and detective. And there are types of guidance that apply to these two kinds of control: mandatory, strongly recommended, or elective. This control can be used to check the security logs and access permissions that are necessary for the cross-account that is created and not alerted.
Any operation performed on the landing zone such as creating or provisioning accounts in the AWS control tower console require either Identity access management, or AWS IAM Identity center (AWS Single Sign On) to authenticate that you’re an authorized user. You can authenticate using an AWS username and password if you’re using the AWS control tower console.
AWS Control Tower Interaction with IAM Identity Center
You can inherit the AWS control tower with other AWS services like AWS identity center or AWS organization which helps to migrate the workload. It is one of the most reliable services including AWS IAM Identity which is a successor to AWS Single Sign-On.
Single Sign-On is a service that enables user and session authentication. The user can access multiple applications with one login credential. Such systems are called identity federations, with the Open Authorization framework enabling the user’s data to be used by third-party services without exposing the user’s password.
Helping organizations transform their IT infrastructure with top-notch Cloud Computing services
- Cloud Migration
- AIML & IoT
Step-by-Step Guide to Enable AWS Single Sign-On
Step 1: Log in to AWS Console Management and Search for “IAM Identity Center”
Step 2: Enable IAM Identity Center
Step 3: Choose Create AWS Organization.
You will be able to see IAM identity center Dashboard
Step 4: Creating a user.
Go to Users and Click on Add user
Provide the primary Information and Click Next
Step 5: Creating a Group
Click on Create Group
Enter the Group Name, and description and click on Create Group.
Select the created Group and click Next, then Review and Add user
Once the user is created, you need to verify the email address to use certain features
Step 6: Create a permission set
Go to Multi-Account permissions -> Choose permission set -> and Click Create Permission Set
Now Select the permission set type as Predefined permission set, choose AdministratorAccess and Click Next
Review and Click Create
Step 7: Setting AWS Account access for the admin user.
Go to Multi-account permissions -> Choose AWS Account -> Click Assign users or group
Assign the user and group and Click Next
Assign the permission set to the user which was created in previous steps and Click Next
- Before reviewing and submitting, verify the email address.
- Log in to the registered email, you will see the Invitation to AWS Organization,
- Click on “Accept Invitation”
Now you will be able to set your New Password
Step 9: Review and submit assignments to the user and click Submit
Step 10: Once you logged in to your AWS Account using Single Sign-On, you see the organization added, by clicking on Management Console you will see the AWS console page.
The main purpose of Single sign-on is to provide the ability for the user to log in with single credentials without memorizing multiple application login access. This increases productivity by skipping all the extra time spent on login. Since users have one password for multiple applications, the password will be complex and solid. Therefore, reduces the risk of theft.
Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.
- Cloud Training
- Customized Training
- Experiential Learning
CloudThat is also the official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner and Microsoft gold partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.
Drop a query if you have any questions regarding AWS Control Tower and I will get back to you quickly.
1. What is Landing Zone?
ANS: – It is well-architected, which is secure, and scalable for the multi-account environment. This helps to launch and deploy the applications and workloads quickly in the security and infrastructure environment. Building a landing zone in a cross-account structure involves technical and business decisions. It holds the organizational unit, users, accounts, and other resources that comply with regulations.
2. Why Single Sign-on is needed?
- Logging with one set of credentials enhances security, as using common passwords on multiple accounts gives a chance for the hacker to get access to poorly secured websites.
- Reduces the cognitive burden by removing the requirement of separate usernames and passwords. This helps employees to use more and more websites and applications in the workplace.
WRITTEN BY Deepika N
Deepika N works as a Research Associate - DevOps and holds a Master's in Computer Applications. She is interested in DevOps and technologies. She helps clients to deploy highly available and secured application in AWS. Her hobbies are singing and painting.