FleetManager SSO login unavailable

0

We are trying to utilize the FleetManager SSO functionality to enable SSM to be used as a proxy for a bastion host. The ideal flow would be dev port-forwards with SSM to RDP into the bastion host. I would like the bastion host to utilize IAM Identity Center for authentication. This flow works, but only within the same region where IAM Identity Center was created. Are there any known workarounds to enable FleetManager to work across regions? I could not find where in the documentation it says that this cannot work, and Amazon Q says that it should as well.

Article for reference: https://aws.amazon.com/blogs/security/how-to-enable-secure-seamless-single-sign-on-to-amazon-ec2-windows-instances-with-aws-sso/

TMorse
asked 5 months ago, 152 views
1 Answer
1
Accepted Answer

FleetManager SSO doesn't play nice across regions for bastion access.

Here's the deal:

  1. It's region-locked, meaning IAM Identity Center and your bastion host gotta be neighbors.
  2. Docs don't say it explicitly, but clues are everywhere.

Workarounds:

  1. Move the bastion host and IAM Identity Center together.
  2. Try another SSO solution like AWS SSO that can cross regions.
  3. Build your own authentication system with AWS services, but be prepared for some coding.
EXPERT
answered 5 months ago
