This solution is intended for enterprises that need a streamlined way of managing user access to their AWS accounts. Using this solution, your identity and access management teams can extend AWS SSO functionality by automating common access management and governance use cases
MIT License
65
stars
24
forks
source link
Enable provisioning of permission set to orgMain / delegated admin account #80
There's been a recent change in the SSO admin API, wherein using specific IAM permisisons, you could now programmatically create/delete account assignments for org main/delegated admin account.
The solution currently excludes provisioning to org main/delegated admin account as the earlier version of SSO admin API did not allow this.
However, using the following permissions policy, provisioning lambda can now successfully assign/remove account assignment to org main / delegated admin account
The solution should now programmatically switch the permissions it uses to provision based on the target account it's provisioning the account assignment to
AC: