I've recently started reorganizing our AWS account to align with best practices, like setting up sub-organizations with service control policies (SCPs). One major issue is that our non-technical staff are overwhelmed by the numerous errors they encounter when using the console. The tech-savvy team can handle it, but our finance folks and other employees are getting confused by these 'red alerts.'
Ideally, I want to create a cleaner console experience tailored for them:
1. Set a custom console homepage across the organization with only the necessary bookmarks or links to the services they can access.
2. Disable search functionality for services or at least grey out the ones they don't have permission to use.
3. Similar to this, grey out regions they can't access. Currently, they often land on a restricted region, which makes them question why they can even select it if they can't use it.
I understand the AWS Console mainly caters to developers, but it would be great to find a way to minimize the errors non-tech users encounter, making their overall experience smoother. Is there anything I can configure in IAM or AWS Organizations to enhance this experience?
3 Answers
You can set up a relay state in IAM Identity Center for the permission set, which redirects users to their relevant landing pages instead of hitting them with errors right away. That way, they start off in the right place, and they have to make an active choice to explore further. Check out the AWS documentation for the details!
Relay state? That’s the solution I didn’t know I needed! I had a hunch SSO supported this but couldn’t find it. Thanks for clarifying!
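An added example of the relay-state setup described in the answer above; it is not code from the thread or from AWS. It checks that the landing URL is a region-pinned console URL in a region your SCPs allow, then builds the `sso-admin` `update_permission_set` and `provision_permission_set` requests. The allowed-region set, the billing URL and the ARNs are constructed placeholders.

```python
from urllib.parse import urlsplit

CONSOLE_SUFFIX = ".console.aws.amazon.com"
ALLOWED_REGIONS = {"us-east-1", "eu-west-1"}  # assumption: regions your SCPs permit
MAX_RELAY_STATE_LEN = 240                     # RelayState length limit in the sso-admin API


def validate_relay_state(url, allowed_regions=ALLOWED_REGIONS):
    """Return url if it is an https, region-pinned console URL in an allowed region."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        raise ValueError("relay state must use https")
    if not host.endswith(CONSOLE_SUFFIX):
        raise ValueError("relay state must be a region-pinned AWS console URL")
    region = host[: -len(CONSOLE_SUFFIX)]
    if region not in allowed_regions:
        raise ValueError(f"region {region!r} is not in the allowed set")
    if len(url) > MAX_RELAY_STATE_LEN:
        raise ValueError("relay state is longer than 240 characters")
    return url


def build_requests(instance_arn, permission_set_arn, relay_state):
    """Build keyword arguments for update_permission_set and provision_permission_set."""
    update = {
        "InstanceArn": instance_arn,
        "PermissionSetArn": permission_set_arn,
        "RelayState": validate_relay_state(relay_state),
    }
    # Re-provision so accounts that already have the permission set pick up the change.
    provision = {
        "InstanceArn": instance_arn,
        "PermissionSetArn": permission_set_arn,
        "TargetType": "ALL_PROVISIONED_ACCOUNTS",
    }
    return update, provision


def apply_relay_state(instance_arn, permission_set_arn, relay_state):
    """Send both requests; needs boto3 and credentials for the Identity Center admin account."""
    import boto3  # imported here so the validation above runs without AWS access

    client = boto3.client("sso-admin")
    update, provision = build_requests(instance_arn, permission_set_arn, relay_state)
    client.update_permission_set(**update)
    status = client.provision_permission_set(**provision)
    return status["PermissionSetProvisioningStatus"]["Status"]
```

Pinning the region in the URL host also addresses the question's third point: users start in a region they are allowed to use.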
Honestly, the AWS Console isn't really built for ease of use for everyone. It’s more of a developer tool. But yeah, if you want to help your team, just let them know that those red errors are mostly for developers and not to worry about them too much. If building a custom portal is on the table, make sure you allocate the right amount of time to it! Also, double-check your IAM setup to ensure it's appropriately scoped.
I understand the developer tool aspect, but this really isn't about ignoring the errors. Our non-tech team needs a way to engage without being overwhelmed! Better UX would go a long way.
For your finance team, consider pulling data into QuickSight for better analysis and reporting. It’ll be particularly helpful if you start organizing your accounts into separate workloads. As for the Bedrock Playground, think about building a custom orchestration layer on top to simplify what's presented to users. I’ve seen successful examples of this, and it can significantly improve user experience.

That sounds great! It'll definitely streamline the process for new users. I kept missing that option during setup, so I appreciate the heads up!