AWS Single Sign-On (SSO) is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications. It enables users to sign in to a user portal with their existing corporate credentials and access all of their assigned accounts and applications from one place.
Customer Reviews
Consultant in Information Technology and Services
Advanced user of AWS Single Sign-OnThe promise of a single login and simplified management of role assumption access to multiple accounts. It works okay for the console.
The multiple CLI tools and SDKs do not play nice with SSO and role assumption which is critical to developer workflows.
Amplfy for example doesn't yet work with sso, https://github.com/aws-amplify/amplify-cli/issues/4488. neither does Terraform.
Configuring and using SSO requires a lot of additional command line arguments and remember a lot of various id. There is a whole niche universe of tools like https://github.com/benkehoe/aws-sso-util and https://github.com/benkehoe/aws-export-credentials that are built to work around the issue with the SSO experience for CLI uses that demonstrate the immaturity of the product.
For a good developer experience with good security isolation via multiple accounts setup, you still need to manually create tokens in each environment for your developers. The entire point of SSO is avoid that overhead.
I can't in good conscience recommend that companies use SSO for their development and devops teams, which I suspect are the majority of AWS users.
I'd assume all the Rah-Rah reviews above are people who don't really have to deal with the pain and frustration development teams with a devops practice have to go through to try to use this tooling, or they're paid reviewers.
Secured Multi-Account Setup with AWS SSO. We haven't realized any benefit yet. I
