Versions Compared

Old Version 6

changes.mady.by.user Daniel P Klinger

Saved on

compared with

New Version Current

changes.mady.by.user Daniel P Klinger

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

Account Administrators have full control over which IAM Groups, Roles and Users are allowed to launch Products from the IT@Cornell Portfolio. By default, shib-admin and sso-admin members can launch and of our Portfolio products.

Launching Products

...

To enable additional IAM Principals to the IT@Cornell Products for your account. (ie. sso-admindevs, shib-devs, shib-dbas, etc...)

  1. Log in to your Cornell AWS Account
  2. Make sure you are in the us-east-1 (N. Virginia) Region
  3. Navigate to the Imported Portfolios section of the AWS Service Catalog Console
  4. Click the IT@Cornell Portfolio
  5. Select the "Access" tab
  6. Click the "Grant access" button
  7. Select the "IAM Principal" radio button
    1. Wildcards are now supported for granting access via Principal Names as well, ie. arn:aws:iam:::role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_sso-admin_*
  8. Select the "Roles" tab
  9. Search for the desired role to add
  10. Click the "Grant Access" button
  11. The IT@Cornell Products are now visible and launch-able in the Products Section for the newly provisioned IAM Principal.