In this step, your Security and Cloud Administrators will provision resources to control access to team development AWS accounts.
This step should take about 10 minutes to complete.
Next, you’ll create a custom permission set in AWS SSO to represent the initial iteration of an AWS IAM policy under which builder team members will work in their team development AWS accounts.
1. Download example-infra-team-dev-saml.json to your desktop.
2. Replace "example" with a reference to your own organization’s identifier.
3. Open AWS accounts in AWS SSO.
4. Select Permission sets.
5. Select Create permission set.
6. Select Create a custom permission set.
7. Enter a Name. For example, example-infra-team-dev.
8. Enter a Description. For example, Day-to-day permission used by builders in their team development AWS accounts.
9. Set Session duration to the desired value.
10. Select Create a custom permissions policy. Select Next:Details.
11. Replace "example" with your own identifier: Before you select Create, in the permissions policy, ensure that you replace all occurrences of "example" with your own organization’s identifier. Otherwise, the permission set will not work as expected.
12. Select Create.

Later, when you onboard the builder teams to their team development AWS accounts, you’ll reference this permission set.
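
The "replace all occurrences of example" step above is easy to get partly wrong by hand. The following is an added example, not part of the original guide: it substitutes the identifier and refuses to return a policy that still contains the placeholder. The sample policy, the identifier format and the function names are constructed for illustration; the contents of the real example-infra-team-dev-saml.json are not shown on this page.

```python
import json
import re

PLACEHOLDER = "example"  # token the guide says to replace
# Assumption: identifiers are short lowercase names that are safe inside IAM ARNs.
ID_PATTERN = re.compile(r"^[a-z][a-z0-9-]{1,30}$")

# Constructed sample policy, standing in for the downloaded file.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DenyChangesToFoundationRoles",
     "Effect": "Deny",
     "Action": ["iam:DeleteRole", "iam:UpdateRole"],
     "Resource": "arn:aws:iam::*:role/example-infra-*"},
    {"Sid": "AllowPassTeamRoles",
     "Effect": "Allow",
     "Action": "iam:PassRole",
     "Resource": ["arn:aws:iam::*:role/example-team-*"]}
  ]
}"""


def find_placeholder(node, path="$"):
    """Return the JSON path of every string value that still contains the placeholder."""
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in find_placeholder(v, f"{path}.{k}")]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in find_placeholder(v, f"{path}[{i}]")]
    if isinstance(node, str) and PLACEHOLDER in node.lower():
        return [path]
    return []


def prepare_policy(policy_text, org_id):
    """Substitute the organization identifier and confirm nothing was missed."""
    if not ID_PATTERN.match(org_id) or PLACEHOLDER in org_id:
        raise ValueError(f"unsuitable identifier: {org_id!r}")
    # Parsing after the substitution also proves the result is still valid JSON.
    policy = json.loads(policy_text.replace(PLACEHOLDER, org_id))
    leftovers = find_placeholder(policy)  # also catches case variants such as "Example"
    if leftovers:
        raise ValueError(f"placeholder still present at: {leftovers}")
    return json.dumps(policy, indent=2)
```

Calling `prepare_policy(SAMPLE_POLICY, "acme")` returns the text to paste into the custom permissions policy; a `ValueError` lists the JSON paths that still need attention.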