Single Sign-in for EC2 Windows 2019 DataCenter Server & AWS Console

0

I have 4 users created in Identity and Access Management (IAM) and would like to use the same users to sign in to a Windows 2019 DC Server instance. Can anyone please share some information on it?

I don't have Directory Service or Active Directory through AWS. I know I can create Active Directory on my Windows 2019 DC server as well, for which I own the license and am able to create a full-fledged Windows server. Is there any connector I can use to log in to Windows & the AWS console with the same users (they will only be used to start/stop the Windows instance & access Windows through RDP and/or Fleet Manager)? This is a very small setup and I prefer to spend the least amount of money. Any recommendations will be greatly appreciated. Thank you, Sal

EEHOA
asked 3 months ago · 191 views
3 Answers
2
Accepted Answer

You can use IAM Identity Center for single sign-on. While it supports AD and external identity providers such as Okta and Entra ID (Azure AD), you can use the default IAM Identity Center directory to create and manage user accounts. To begin, you can start from the tutorial Configure user access with the default IAM Identity Center directory. You can also use IAM Identity Center with Active Directory. See Connect a self-managed directory in Active Directory to IAM Identity Center.

From IAM Identity Center, you can configure SSO into EC2 as per the blog post How to enable secure seamless single sign-on to Amazon EC2 Windows instances with AWS IAM Identity Center. Configure EC2 to be managed by Systems Manager.

AWS
EXPERT
Mike_L
answered 3 months ago
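As an added example (not part of Mike_L's answer and not an AWS-published policy), here is an inline policy for the IAM Identity Center permission set that limits the four users to what the question asks for: starting and stopping only instances carrying an assumed tag `SsoAccess` (the tag value is a placeholder to replace), and opening Fleet Manager RDP sessions to those same instances, using the action set AWS documents for Fleet Manager RDP. It assumes the instance is already managed by Systems Manager and that the users are assigned to the account through this permission set.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListInstancesInConsoleAndFleetManager",
      "Effect": "Allow",
      "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus",
                 "ssm:DescribeInstanceProperties", "ssm:GetConnectionStatus"],
      "Resource": "*"
    },
    {
      "Sid": "StartStopOnlyTaggedInstances",
      "Effect": "Allow",
      "Action": ["ec2:StartInstances", "ec2:StopInstances"],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {"StringEquals": {"aws:ResourceTag/SsoAccess": "PLACEHOLDER-TAG-VALUE"}}
    },
    {
      "Sid": "RdpSessionOnlyToTaggedInstances",
      "Effect": "Allow",
      "Action": "ssm:StartSession",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {"StringEquals": {"ssm:resourceTag/SsoAccess": "PLACEHOLDER-TAG-VALUE"}}
    },
    {
      "Sid": "RdpSessionDocumentOnly",
      "Effect": "Allow",
      "Action": ["ssm:StartSession", "ssm:GetDocument"],
      "Resource": "arn:aws:ssm:*:*:document/AWS-StartPortForwardingSession"
    },
    {
      "Sid": "FleetManagerRdpBroker",
      "Effect": "Allow",
      "Action": ["ssm-guiconnect:StartConnection", "ssm-guiconnect:GetConnection",
                 "ssm-guiconnect:CancelConnection"],
      "Resource": "*"
    },
    {
      "Sid": "EndOnlyOwnSessions",
      "Effect": "Allow",
      "Action": "ssm:TerminateSession",
      "Resource": "*",
      "Condition": {"StringLike": {"ssm:resourceTag/aws:ssmmessages:session-id": ["${aws:userid}"]}}
    }
  ]
}
```

Because nothing here grants `ssm:SendCommand` or a shell session document, a user assigned this permission set can reach the Windows desktop over RDP and power the instance on and off, but cannot run commands on it from the AWS console or touch untagged instances.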
0

Thanks Mike for your help. Do I have to use "IAM Identity Center", or can "Identity and Access Management" get me the same results? I have already created the users in the latter.

Also, the instructions for "Add administrative permissions" under "Configure user access with the default IAM Identity Center directory" don't seem correct. There is no option for "Multi-account permissions" in AWS Identity Center...

EEHOA
answered 3 months ago
  • Hi EEHOA, you have to re-create the users in IAM Identity Center (IdC). Or you can connect IdC to your AD EC2 instance using AD Connector. There is cost involved in using AD Connector. "Multi-account" does not refer to user logins; it refers to multiple AWS accounts.

0

Thanks again! Yes, it makes sense why I am not seeing "Multi-account permissions" on the left pane, because I have a single AWS account with a single organization. What I am confused about is how I can do "Step 2: Add administrative permissions". In other words, how can I "Select permission sets" when I don't have the "Multi-account permissions" option on the left?

EEHOA
answered 3 months ago
