Open juanmatias opened 1 year ago
We're now favoring the AWS IdC SSO approach (https://leverage.binbash.co/try-leverage/enabling-sso/) over IAM; in case we still need to update this in the future, we'll re-open this issue. We'll keep it under review till we update the SSO setup steps though (ref: https://binbashar.slack.com/archives/GG0PJ78J3/p1716303230856489)
Updated SSO additional steps here: https://github.com/binbashar/le-ref-architecture-doc/pull/220
What?
In the documentation, regarding the MFA creation we have these lines:
It should be clarified that the user name has to be used in order to be able to create the MFA. E.g.:
Why?
Based on the self-management policy created by the base_identities layer, we have the `iam:CreateVirtualMFADevice` but the resource is limited to `arn:aws:iam::${var.accounts[var.environment].id}:mfa/$${aws:username}`. This means the MFA should be named the same as the username.
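The constraint described in this issue, as an added example (not part of the original issue or of the Leverage documentation): shell helpers that derive the only MFA device name the `mfa/${aws:username}` resource allows for a caller, then create the device with that name. The account id `111122223333`, the user names and the output file name are constructed values; the function names are hypothetical.

```shell
# Added example. Account id and user names used with these helpers are constructed.

# aws:username resolves to the IAM user's friendly name, i.e. the last
# segment of the user ARN (an IAM path, if any, is not part of it).
username_from_arn() {
  case "$1" in
    arn:aws:iam::*:user/*) printf '%s\n' "${1##*/}" ;;
    *) return 1 ;;   # root and assumed-role sessions carry no aws:username
  esac
}

# The only MFA ARN that the policy resource mfa/${aws:username} matches
# for the given caller ARN.
allowed_mfa_arn() {
  caller_arn=$1
  user=$(username_from_arn "$caller_arn") || return 1
  account=${caller_arn#arn:aws:iam::}
  account=${account%%:*}
  printf 'arn:aws:iam::%s:mfa/%s\n' "$account" "$user"
}

# Succeeds only if a device named $2 falls inside the allowed resource for
# caller $1. Any other name is denied by the self-management policy.
mfa_name_allowed() {
  allowed=$(allowed_mfa_arn "$1") || return 1
  [ "${allowed##*:mfa/}" = "$2" ]
}

# Create the virtual MFA device for the current credentials, named after
# the IAM user so the request matches the policy resource.
create_own_mfa() {
  caller_arn=$(aws sts get-caller-identity --query Arn --output text) || return 1
  user=$(username_from_arn "$caller_arn") || {
    echo "caller is not an IAM user: $caller_arn" >&2
    return 1
  }
  aws iam create-virtual-mfa-device \
    --virtual-mfa-device-name "$user" \
    --outfile "./${user}-mfa-qr.png" \
    --bootstrap-method QRCodePNG
}
```

Source the file and run `create_own_mfa` with the IAM user's credentials; the device still has to be activated afterwards with `aws iam enable-mfa-device`.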