aws

| Type | Publisher | Version | Source Code | Published |
| --- | --- | --- | --- | --- |
| Official | common-fate | v0.6.1 | github.com | 11 days ago |

Config Schema

| Field | Type | Description | Secret |
| --- | --- | --- | --- |
| sso_identity_store_id | string | the AWS SSO identity store ID | false |
| sso_instance_arn | string | the AWS SSO instance ARN | false |
| sso_region | string | the AWS SSO instance region | false |
| sso_role_arn | string | The ARN of the AWS IAM Role with permission to administer SSO | false |
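
An added example, not part of Common Fate's code or documentation: a pre-deployment check that the four config values in the schema above are well-formed, so that a mistyped ID or a user ARN pasted in place of the role ARN is caught before deploying. The patterns follow the formats AWS documents for these identifiers; the validate_config helper, the role name and all sample values are constructed for illustration.

```python
import re

# Expected shape of each field in the config schema. The regexes follow the
# identifier formats in the AWS API references (assumption: standard,
# GovCloud and China partitions only).
PATTERNS = {
    "sso_identity_store_id": re.compile(
        r"d-[0-9a-f]{10}|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}"),
    "sso_instance_arn": re.compile(
        r"arn:(aws|aws-us-gov|aws-cn):sso:::instance/(sso)?ins-[a-zA-Z0-9.-]{16}"),
    "sso_region": re.compile(r"[a-z]{2}(-[a-z]+)+-[0-9]"),
    "sso_role_arn": re.compile(
        r"arn:(aws|aws-us-gov|aws-cn):iam::[0-9]{12}:role/[A-Za-z0-9_+=,.@/-]+"),
}

# Constructed sample values, not a real deployment.
SAMPLE = {
    "sso_identity_store_id": "d-1234567890",
    "sso_instance_arn": "arn:aws:sso:::instance/ssoins-1234567890abcdef",
    "sso_region": "ap-southeast-2",
    "sso_role_arn": "arn:aws:iam::123456789012:role/common-fate-sso-provisioning",
}


def validate_config(config):
    """Return a list of problems; an empty list means every field is well-formed."""
    problems = []
    for field, pattern in PATTERNS.items():
        value = config.get(field)
        if not isinstance(value, str) or not value:
            problems.append(f"{field}: missing")
        elif value != value.strip():
            problems.append(f"{field}: leading or trailing whitespace")
        elif not pattern.fullmatch(value):
            problems.append(f"{field}: unexpected format")
    # Keys outside the schema are usually typos of a real field name.
    for field in sorted(set(config) - set(PATTERNS)):
        problems.append(f"{field}: not in the config schema")
    if not problems:
        # An IAM role can only administer an instance in its own AWS partition.
        instance_partition = config["sso_instance_arn"].split(":")[1]
        if config["sso_role_arn"].split(":")[1] != instance_partition:
            problems.append("sso_role_arn: partition differs from sso_instance_arn")
    return problems


if __name__ == "__main__":
    print(validate_config(SAMPLE) or "config looks well-formed")
```
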

Docs

Access

This Access Provider provisions temporary account assignments for AWS IAM Identity Center Permission Sets. When making an access request, users will specify the following parameters:

| Parameter | Description |
| --- | --- |
| account | the AWS account to access |
| role | the role to access |

Getting started

Prerequisites

To use this Access Provider you'll need to have deployed Common Fate. You'll also need to download the cf CLI.

You will also need AWS credentials with the ability to deploy CloudFormation templates.

To use this Access Provider, you need to have AWS IAM Identity Center set up in your AWS Organization. Please contact us via Slack if you'd like to use this Access Provider, but are not using IAM Identity Center.

1. Deploy access roles

First, deploy the IAM roles below.

AWS SSO provisioning role

This role is used to list AWS resources including accounts, organizational units, and permission sets. It is also used to provision account assignments.

Deploy this role into the account with the log groups you wish to grant access to:

Launch Stack

2. Deploy the Access Provider

To deploy this Access Provider, open a terminal window and assume an AWS role with access to deploy CloudFormation resources in the Common Fate account. Then, run:

cf provider deploy

and select the common-fate/aws Provider when prompted.
