AWS Control Tower Interaction with IAM Identity Center

Overview

AWS Control Tower is a way to set up and govern a multi-account AWS environment that follows best practices. It orchestrates several AWS services, such as AWS Organizations, AWS IAM Identity Center, and AWS Service Catalog, to build a landing zone in less than an hour, and all of the resources are managed on the user’s behalf.
AWS Control Tower provides high-level rules, called controls, with ongoing governance for the AWS environment. There are two kinds of control: preventive and detective. Three types of guidance apply to these controls: mandatory, strongly recommended, or elective. Controls can be used to check the security logs and access permissions that are necessary for the cross-account structure that is created, surfacing problems that would otherwise go unnoticed.
Any operation performed on the landing zone, such as creating or provisioning accounts in the AWS Control Tower console, requires either AWS Identity and Access Management (IAM) or AWS IAM Identity Center (the successor to AWS Single Sign-On) to authenticate that you are an authorized user. If you are using the AWS Control Tower console, you can authenticate with an AWS username and password.

AWS Control Tower Interaction with IAM Identity Center

AWS Control Tower integrates with other AWS services, such as AWS IAM Identity Center and AWS Organizations, which helps when migrating workloads. AWS IAM Identity Center, one of the most reliable of these services, is the successor to AWS Single Sign-On.

Single Sign-On (SSO) is a service that handles user and session authentication: the user accesses multiple applications with one set of login credentials. Such systems are called identity federations; the Open Authorization (OAuth) framework lets a third-party service use the user’s data without exposing the user’s password.

Step-by-Step Guide to Enable AWS Single Sign-On

Step 1: Log in to the AWS Management Console and search for “IAM Identity Center”.

Step 2: Enable IAM Identity Center

Step 3: Choose Create AWS Organization.

You will now see the IAM Identity Center dashboard.

Step 4: Create a user.

Go to Users and click Add user.

Provide the primary information and click Next.

Step 5: Create a group.

Click Create group.

Enter the group name and description, then click Create group.

Select the newly created group and click Next, then review and click Add user.

Once the user is created, the email address must be verified before certain features can be used.

Step 6: Create a permission set.

Go to Multi-account permissions -> Permission sets and click Create permission set.

Select Predefined permission set as the permission set type, choose AdministratorAccess, and click Next.

Review and click Create.

Step 7: Set AWS account access for the admin user.

Go to Multi-account permissions -> AWS accounts, choose the AWS account, and click Assign users or groups.

Assign the user and group, then click Next.

Assign the permission set created in the previous step to the user and click Next.

Step 8: Verify the email address and accept the invitation.

  • Before reviewing and submitting, verify the email address.
  • Log in to the registered email inbox; you will see the invitation to the AWS Organization.
  • Click “Accept Invitation”.

Now you will be able to set your new password.

Step 9: Review the assignments for the user and click Submit.

Step 10: Once you have logged in to your AWS account using Single Sign-On, you will see the organization listed; clicking Management Console opens the AWS console page.
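
The console clicks in steps 4 to 9 above, repeated as AWS CLI calls, as an added example that is not code from the original post or from AWS. It assumes AWS CLI v2 with management-account credentials, that IAM Identity Center was already enabled in the console (steps 1 to 3 have no CLI equivalent here), and that the account ID, user and group values are passed in as arguments.

```shell
#!/bin/sh
# Added example, not code from the original post or from AWS: console steps 4-9
# as AWS CLI calls. Assumes AWS CLI v2 with management-account credentials and
# that IAM Identity Center was already enabled in the console (steps 1-3).
set -eu

# Resolve the organization's Identity Center instance (one per organization).
idc_instance_arn() {
  aws sso-admin list-instances --query 'Instances[0].InstanceArn' --output text
}
idc_store_id() {
  aws sso-admin list-instances --query 'Instances[0].IdentityStoreId' --output text
}

# Step 4: create the user. Prints the new UserId.
create_user() { # args: store_id username email given_name family_name
  aws identitystore create-user --identity-store-id "$1" --user-name "$2" \
    --display-name "$4 $5" --name "GivenName=$4,FamilyName=$5" \
    --emails "Value=$3,Type=work,Primary=true" --query UserId --output text
}

# Step 5: create the group and add the user to it. Prints the GroupId.
create_group_with_member() { # args: store_id group_name user_id
  gid=$(aws identitystore create-group --identity-store-id "$1" \
          --display-name "$2" --query GroupId --output text)
  aws identitystore create-group-membership --identity-store-id "$1" \
    --group-id "$gid" --member-id "UserId=$3" --output text >/dev/null
  echo "$gid"
}

# Step 6: predefined permission set backed by the AWS managed AdministratorAccess
# policy, as in the post. Prints the PermissionSetArn.
create_admin_permission_set() { # args: instance_arn name
  psa=$(aws sso-admin create-permission-set --instance-arn "$1" --name "$2" \
          --session-duration PT4H --query PermissionSet.PermissionSetArn --output text)
  aws sso-admin attach-managed-policy-to-permission-set --instance-arn "$1" \
    --permission-set-arn "$psa" \
    --managed-policy-arn arn:aws:iam::aws:policy/AdministratorAccess
  echo "$psa"
}

# Steps 7 and 9: grant the group (not each user) the permission set on the account.
assign_group_to_account() { # args: instance_arn account_id permission_set_arn group_id
  aws sso-admin create-account-assignment --instance-arn "$1" \
    --target-id "$2" --target-type AWS_ACCOUNT --permission-set-arn "$3" \
    --principal-type GROUP --principal-id "$4" \
    --query AccountAssignmentCreationStatus.Status --output text
}
```

The assignment call returns IN_PROGRESS; poll it with aws sso-admin describe-account-assignment-creation-status until it reports SUCCEEDED before the user signs in through the access portal.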

Conclusion

The main purpose of Single Sign-On is to let the user log in with a single set of credentials instead of memorizing login details for multiple applications. This increases productivity by removing the extra time spent on repeated logins. Since users have one password for multiple applications, that password can be complex and strong, which reduces the risk of credential theft.

About CloudThat

CloudThat is also an official AWS (Amazon Web Services) Advanced Consulting Partner and Training Partner and a Microsoft Gold Partner, helping people develop knowledge of the cloud and helping their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

Drop a query if you have any questions regarding AWS Control Tower and I will get back to you quickly.

To get started, go through our Consultancy page and Managed Services Package, which are CloudThat’s offerings.

FAQs

1. What is Landing Zone?

ANS: – A landing zone is a well-architected, secure, and scalable multi-account environment. It helps to launch and deploy applications and workloads quickly within a secure infrastructure environment. Building a landing zone in a cross-account structure involves technical and business decisions. It holds the organizational units, users, accounts, and other resources that comply with regulations.

2. Why is Single Sign-On needed?

ANS: –

  • Logging in with one set of credentials enhances security, as reusing common passwords across multiple accounts gives an attacker a chance to gain access through poorly secured websites.
  • It reduces the cognitive burden by removing the need for separate usernames and passwords, which helps employees use more websites and applications in the workplace.

WRITTEN BY Deepika N

Deepika N works as a Research Associate - DevOps and holds a Master's in Computer Applications. She is interested in DevOps and related technologies. She helps clients deploy highly available and secure applications on AWS. Her hobbies are singing and painting.
