I'm having a tough time with AWS SSO (IAM Identity Center) when trying to manage multiple AWS accounts and permission sets. My plan was to assign every developer an "IAM IC User" with different combinations of AWS accounts and permission sets through user groups. However, I've come across several issues.
When I try to switch between roles manually in the UI, it doesn't work since the IAM roles created by IAM IC are temporary. I've also tried using a Chrome extension for role switching, but it leads back to the generic role switching UI which isn't working for me. The multi-session support seems to log me out and requires me to sign in again with either an AWS Account or IAM Role, which I'd prefer to avoid entirely.
Essentially, I feel like the only way to switch accounts is through the AWS SSO User Portal link. Has anyone found a smoother method for allowing users to hop between accounts with their IAM Identity Center setup without constant logins?
5 Answers
Switching sessions has been straightforward for me. I just sign in using the new account without needing to log out. Another approach that works well is using browser containers for logging into different accounts.
Could you share a video of the issues you're having with multiple sessions? Mine have been working perfectly fine. Just keep in mind that AWS currently limits you to five accounts, but hopefully, this changes in the future.
We actually use a tool called Granted for managing multiple AWS accounts. It works really well with Firefox as it allows each session to run in a sandboxed window, so you can be logged into different accounts simultaneously without issues.
I just bookmark my SSO portal link in my browser toolbar. When I need to switch accounts, I simply click that bookmark. Configuring IAM Identity Center once you get the hang of it should make these transitions easier.
Have you considered simplifying your permissions? Honestly, it seems unnecessary for one person to have multiple permission sets for the same account. I suggest combining PermissionSets: for example, use one set that includes all necessary permissions for Account123 instead.
