In this step, your Security and Cloud Administrators will provision resources to control access to team development AWS accounts.
This step should take about 10 minutes to complete.
Next, you’ll create a custom permission set in AWS SSO to represent the initial iteration of an AWS IAM policy under which builder team members will work in their team development AWS accounts.
example-infra-team-dev-saml.json to your desktop.
example with a reference to your own organization’s identifier.
AWS accounts in AWS SSO.
Create permission set.
Create a custom permission set.
Name. For example
Description. For example, Day-to-day permission used by builders in their team development AWS accounts.
Session duration to the desired value.
Create a custom permissions policy. Select
example with your own identifier: Before you select Create, in the permissions policy, ensure that you replace all occurrences of example with your own organization’s identifier. Otherwise, the permission set will not work as expected.
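One way to confirm that no example placeholder remains in the policy before you select Create, shown as an added example that is not part of the original guide. The policy body is a constructed sample (the real contents of example-infra-team-dev-saml.json are not reproduced here), and find_placeholders and check_policy are hypothetical helper names.

```python
import json
import re

# Constructed sample standing in for example-infra-team-dev-saml.json;
# the statements below are illustrative, not the guide's actual policy.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowTeamScopedRoles",
      "Effect": "Allow",
      "Action": ["iam:CreateRole", "iam:PassRole"],
      "Resource": "arn:aws:iam::*:role/example-team-*"
    },
    {
      "Sid": "DenyFoundationChanges",
      "Effect": "Deny",
      "Action": "iam:*",
      "Resource": ["arn:aws:iam::*:role/example-infra-*",
                   "arn:aws:s3:::example-infra-logs/*"]
    }
  ]
}
"""

def find_placeholders(node, placeholder="example", path="$"):
    """Return (json_path, value) for every string still holding the placeholder token."""
    # Match the placeholder only as a whole token, so "examples" is not flagged.
    token = re.compile(r"(?<![A-Za-z0-9])" + re.escape(placeholder) + r"(?![A-Za-z0-9])")
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits += find_placeholders(value, placeholder, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits += find_placeholders(value, placeholder, f"{path}[{index}]")
    elif isinstance(node, str) and token.search(node):
        hits.append((path, node))
    return hits

def check_policy(text, placeholder="example"):
    """Parse the policy (ValueError on invalid JSON) and list leftover placeholders."""
    return find_placeholders(json.loads(text), placeholder)

if __name__ == "__main__":
    for path, value in check_policy(SAMPLE_POLICY):
        print(f"unreplaced placeholder at {path}: {value}")
```

An empty result means every occurrence was replaced and the file still parses as JSON; any reported path points at the statement that still needs your organization’s identifier.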
Later, when you onboard the builder teams to their team development AWS accounts, you’ll reference this permission set.