1. Phase 1: Assessment – Collect Inputs and Setup Environment

  • Validate AWS CLI Identity
  • Validate AWS Region
  • Confirm AWS Organizations
  • Collect User Inputs
  • Check Account Type Capability

2. Phase 2: Summary – Display Setup Plan

  • Confirm Setup Plan

3. Phase 3: Configuration – Create Permission Sets and Assign Access

  • Detect Identity Center Instance & Store
  • Create Permission Sets
  • Attach Managed Policies
  • Create Identity Center Users (Optional)
  • Assign Permission Sets
  • Instruct Users for MFA Setup

4. Phase 4: Validation – Test User Access

  • Portal Access Validation

Set Up AWS IAM Identity Center with SSO and Permission Sets

## Overview

Set up AWS Identity Center to streamline access and permission management within your AWS environment. This plan guides you through assessing your current AWS identity settings, verifying the account type, configuring Identity Center (if allowed), enforcing MFA, and validating that users can access the resources they have been assigned. It covers all the configuration AWS Identity Center needs, including permission set creation, policy attachment, and account access assignments.

## Execution Details

### Phase 1: Assessment – Collect Inputs and Setup Environment

- Validate AWS CLI Identity: Verify the AWS account and user credentials to ensure correct CLI operations.
- Validate AWS Region: Confirm that the CLI is set to the appropriate AWS region.
- Confirm AWS Organizations: Ensure AWS Organizations is enabled and functional.
- Collect User Inputs: Collect all required Identity Center configuration values, including identity source, permission set names, session durations, permission set descriptions, AWS account IDs, user list, and whether to enforce MFA (defaulted to 'Yes').
- Check Account Type Capability: Identify whether the selected AWS account is eligible for Identity Center setup using the CLI (i.e., not a Management Account).

### Phase 2: Summary – Display Setup Plan

- Confirm Setup Plan: Present the gathered configuration details for user confirmation before continuing.

### Phase 3: Configuration – Create Permission Sets and Assign Access

- Detect Identity Center Instance & Store: Retrieve or confirm Identity Center instance details. If not yet enabled, guide the user to activate it via the AWS Console.
- Create Permission Sets: Automatically create permission sets using the values collected in Phase 1.
- Attach Managed Policies: Automatically map and attach AWS-managed policies to the permission sets.
- Instruct Users for MFA Setup: If MFA is enforced, display instructions for users to complete MFA registration through the Identity Center portal.
- Assign Permission Sets: Assign permission sets to the specified users across the selected AWS accounts.

### Phase 4: Validation – Test User Access

- Portal Access Validation: Confirm that users can log into the AWS Identity Center portal and access their assigned resources.

This structured plan ensures a secure, validated, and automated setup of AWS Identity Center, with enforced MFA and no manual steps beyond the Phase 1 inputs.
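The Phase 1 preflight checks and the Phase 3 permission-set and assignment steps, written out as an added AWS CLI v2 shell example that is not part of the original plan. The permission set name, description, session duration and managed policy ARN are assumed placeholder values, and the script takes an existing Identity Center user name and a target account ID as its two arguments.

```shell
#!/usr/bin/env sh
# Added example: Phase 1 checks plus Phase 3 permission set creation and assignment.
# The four values below are constructed placeholders; replace them before running.
PS_NAME="ReadOnlyAuditor"
PS_DESC="Read-only access for auditors"
PS_SESSION="PT2H"                                   # ISO 8601, Identity Center allows 1 to 12 hours
MANAGED_POLICY="arn:aws:iam::aws:policy/ReadOnlyAccess"

# Input validation for values collected in Phase 1 (whole hours PT1H..PT12H, 12-digit account IDs).
valid_session_duration() { printf '%s' "$1" | grep -Eq '^PT([1-9]|1[0-2])H$'; }
valid_account_id() { printf '%s' "$1" | grep -Eq '^[0-9]{12}$'; }

# Phase 1: confirm CLI identity, region, Organizations, and an enabled Identity Center instance.
preflight() {
  aws sts get-caller-identity --query Account --output text
  aws configure get region
  aws organizations describe-organization --query Organization.MasterAccountId --output text
  INSTANCE_ARN=$(aws sso-admin list-instances --query 'Instances[0].InstanceArn' --output text)
  STORE_ID=$(aws sso-admin list-instances --query 'Instances[0].IdentityStoreId' --output text)
  # The CLI prints "None" for a missing value; Identity Center must then be enabled in the console.
  [ "$INSTANCE_ARN" != "None" ] || { echo "Identity Center is not enabled yet" >&2; return 1; }
}

# Phase 3: create the permission set and attach one AWS managed policy to it.
create_permission_set() {
  valid_session_duration "$PS_SESSION" || return 1
  PS_ARN=$(aws sso-admin create-permission-set --instance-arn "$INSTANCE_ARN" \
    --name "$PS_NAME" --description "$PS_DESC" --session-duration "$PS_SESSION" \
    --query PermissionSet.PermissionSetArn --output text)
  aws sso-admin attach-managed-policy-to-permission-set --instance-arn "$INSTANCE_ARN" \
    --permission-set-arn "$PS_ARN" --managed-policy-arn "$MANAGED_POLICY"
}

# Phase 3: assign the permission set to an existing user in one account ($1=user name, $2=account ID).
assign_user() {
  valid_account_id "$2" || return 1
  USER_ID=$(aws identitystore list-users --identity-store-id "$STORE_ID" \
    --filters "AttributePath=UserName,AttributeValue=$1" --query 'Users[0].UserId' --output text)
  [ "$USER_ID" != "None" ] || { echo "user $1 not found in the identity store" >&2; return 1; }
  aws sso-admin create-account-assignment --instance-arn "$INSTANCE_ARN" \
    --target-id "$2" --target-type AWS_ACCOUNT --permission-set-arn "$PS_ARN" \
    --principal-type USER --principal-id "$USER_ID"
}

# Only talks to AWS when explicitly requested: IDC_RUN=1 sh setup.sh alice 123456789012
if [ "${IDC_RUN:-}" = "1" ]; then
  preflight && create_permission_set && assign_user "$1" "$2"
fi
```

Each AWS call fails loudly on its own (missing credentials, wrong region, no Organizations), which is the point of running the preflight before any permission set is created.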