En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

FleetManager SSO login unavailable

0

We are trying to utilize the FleetManager SSO functionality to enable SSM to be used as a proxy for a bastion host. The ideal flow would be dev port-forwards with SSM to RDP into the bastion host. I would like the bastion host to utilize IAM Identity Center for authentication. This flow works but only within the same region as IAM Identity center was created. Is there any known work arounds to enable FleetManager to work across regions? I could not find where in the documentation it says that this cannot work and Amazon Q says that it should as well.

Article for reference: https://aws.amazon.com/blogs/security/how-to-enable-secure-seamless-single-sign-on-to-amazon-ec2-windows-instances-with-aws-sso/

Sujets
Sécurité, identité et conformitéCalcul
Balises
Centre d’identité IAM AWSEC2 FleetGestion des sessions
Langue
English
TMorse
demandé il y a 5 mois152 vues
1 réponse
1
Réponse acceptée

FleetManager SSO doesn't play nice across regions for bastion access.

Here's the deal:

  1. It's region-locked, meaning IAM Identity Center and your bastion host gotta be neighbors.
  2. Docs don't say it explicitly, but clues are everywhere.

Workarounds:

  1. Move the bastion host and IAM Identity Center together.
  2. Try another SSO solution like AWS SSO that can cross regions.
  3. Build your own authentication system with AWS services, but be prepared for some coding.
profile picture
EXPERT
Sedat Salman
répondu il y a 5 mois

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents