Configuring SSO on AWS for SpaceTech


An innovative space company that understands the benefits of cloud infrastructure selected Foghorn, an AWS Premier Partner, to help it adopt AWS and get the most out of the platform.  One of the first priorities when adopting a cloud platform like AWS is getting Identity and Access Management right.  AWS IAM does provide user management, but every IAM user lives in a single account.  A company relying on IAM alone would therefore have to create a separate IAM user for each person in each account, duplicating the accounts it already maintains for its other IT services, and every duplicate is one more credential to rotate, audit and eventually deprovision.

Enter Single Sign-On, aka SSO.  SSO is definitely not new, but integrating cloud infrastructure management with your existing SSO makes life a whole lot easier and makes your cloud a whole lot more secure: access is granted and revoked in one place, through the identity source you already govern.  Our customer had already standardized on Microsoft Active Directory as its identity management solution.  In addition, because of how AWS GovCloud and resource permissions work, the customer was going to use a multi-account strategy on AWS.  They needed permissions to the AWS environments to be easily delegated via AD groups, and they needed that process to be automated.

Foghorn helped by first designing an AWS account strategy that met the requirements, including:

  • Partitioning Production from Development and Test
  • Meeting Government Compliance requirements
  • Aligning with GovCloud account requirements

After this, we helped design an AD group strategy that fit the authorization requirements.  We configured AWS SSO (since renamed IAM Identity Center) with Active Directory as its identity source and integrated it with AWS Organizations.  But there was one additional requirement: the system needed to be completely automated.  With the capabilities AWS SSO offered at the time, group creation and account assignment were still entirely manual.  So Foghorn built automation driven by CloudWatch Events and Lambda to handle this process.
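To make that last step concrete, here is an added example (not Foghorn's or the customer's code) of what a Lambda handler for this kind of automation can look like: on an event that names an AD group, a target account and a permission set, it resolves the group in the AWS SSO Identity Store, checks whether the assignment already exists, and only then calls CreateAccountAssignment, refusing to proceed if the group name is missing or ambiguous. The event shape, the environment variables `SSO_INSTANCE_ARN` and `IDENTITY_STORE_ID`, and all ARNs, account IDs and group names are assumptions of this example; the two fake clients at the bottom are constructed stand-ins so that it runs offline.

```python
"""Illustrative Lambda handler: assign an AD group to an AWS account via AWS SSO.

Added example, not Foghorn's code. Assumes an AWS SSO (IAM Identity Center)
instance with AD as its identity source and an EventBridge/CloudWatch Events
rule whose event carries detail.ad_group, detail.account_id and
detail.permission_set_arn (all names are assumptions of this example).
"""
import os
from typing import Any, Dict, List


class AssignmentError(Exception):
    """Raised when the requested assignment cannot be made safely."""


def find_group_id(identitystore, identity_store_id: str, group_name: str) -> str:
    """Resolve an AD group's DisplayName to its Identity Store GroupId.

    Fails closed: exactly one match is required, so a typo or an ambiguous
    name never silently grants access to the wrong group.
    """
    resp = identitystore.list_groups(
        IdentityStoreId=identity_store_id,
        Filters=[{"AttributePath": "DisplayName", "AttributeValue": group_name}],
    )
    groups = resp.get("Groups", [])
    if len(groups) != 1:
        raise AssignmentError(f"expected one group named {group_name!r}, found {len(groups)}")
    return groups[0]["GroupId"]


def assignment_exists(sso_admin, instance_arn: str, account_id: str,
                      permission_set_arn: str, group_id: str) -> bool:
    """Check for an existing GROUP assignment, following NextToken pagination."""
    kwargs: Dict[str, Any] = dict(InstanceArn=instance_arn, AccountId=account_id,
                                  PermissionSetArn=permission_set_arn)
    while True:
        resp = sso_admin.list_account_assignments(**kwargs)
        for a in resp.get("AccountAssignments", []):
            if a["PrincipalType"] == "GROUP" and a["PrincipalId"] == group_id:
                return True
        token = resp.get("NextToken")
        if not token:
            return False
        kwargs["NextToken"] = token


def ensure_assignment(sso_admin, identitystore, instance_arn, identity_store_id,
                      account_id, permission_set_arn, group_name) -> Dict[str, str]:
    """Idempotently grant `group_name` the permission set on `account_id`."""
    group_id = find_group_id(identitystore, identity_store_id, group_name)
    if assignment_exists(sso_admin, instance_arn, account_id, permission_set_arn, group_id):
        return {"status": "exists", "group_id": group_id}
    resp = sso_admin.create_account_assignment(
        InstanceArn=instance_arn, TargetId=account_id, TargetType="AWS_ACCOUNT",
        PermissionSetArn=permission_set_arn, PrincipalType="GROUP", PrincipalId=group_id)
    request_id = resp["AccountAssignmentCreationStatus"]["RequestId"]
    return {"status": "created", "group_id": group_id, "request_id": request_id}


def lambda_handler(event, context, sso_admin=None, identitystore=None):
    """Lambda entry point. Clients are built lazily so the module loads without boto3."""
    if sso_admin is None or identitystore is None:
        import boto3
        sso_admin = sso_admin or boto3.client("sso-admin")
        identitystore = identitystore or boto3.client("identitystore")
    d = event["detail"]
    return ensure_assignment(sso_admin, identitystore, os.environ["SSO_INSTANCE_ARN"],
                             os.environ["IDENTITY_STORE_ID"], d["account_id"],
                             d["permission_set_arn"], d["ad_group"])


# --- Constructed in-memory stand-ins for the two AWS clients (offline demo only) ---
class FakeIdentityStore:
    def __init__(self, groups: Dict[str, List[str]]):
        self.groups = groups  # DisplayName -> list of GroupIds

    def list_groups(self, IdentityStoreId, Filters):
        name = Filters[0]["AttributeValue"]
        return {"Groups": [{"GroupId": g, "DisplayName": name} for g in self.groups.get(name, [])]}


class FakeSsoAdmin:
    def __init__(self):
        self.assignments: List[Dict[str, str]] = []

    def list_account_assignments(self, InstanceArn, AccountId, PermissionSetArn, NextToken=None):
        return {"AccountAssignments": [a for a in self.assignments
                                       if a["AccountId"] == AccountId and a["PermissionSetArn"] == PermissionSetArn]}

    def create_account_assignment(self, **kw):
        self.assignments.append({"AccountId": kw["TargetId"], "PermissionSetArn": kw["PermissionSetArn"],
                                 "PrincipalType": kw["PrincipalType"], "PrincipalId": kw["PrincipalId"]})
        return {"AccountAssignmentCreationStatus": {"Status": "IN_PROGRESS",
                                                    "RequestId": f"req-{len(self.assignments)}"}}


def demo() -> List[str]:
    """Run the flow against the fakes; returns the outcome of three calls."""
    ids = FakeIdentityStore({"aws-prod-readonly": ["g-1111"], "aws-dup": ["g-2", "g-3"]})
    sso = FakeSsoAdmin()  # placeholder ARNs/IDs below are constructed, not real
    args = (sso, ids, "arn:aws:sso:::instance/ssoins-example", "d-example",
            "111122223333", "arn:aws:sso:::permissionSet/ssoins-example/ps-ro")
    first = ensure_assignment(*args, "aws-prod-readonly")["status"]
    second = ensure_assignment(*args, "aws-prod-readonly")["status"]
    try:
        ensure_assignment(*args, "aws-dup")
        third = "assigned"
    except AssignmentError:
        third = "refused"
    return [first, second, third]


if __name__ == "__main__":
    print(demo())
```

Two design choices matter here. The idempotency check means a retried or duplicated event never results in a second CreateAccountAssignment call, and the exact-match requirement on the group name means the automation fails closed rather than guessing when AD contains an ambiguous or missing group; in a multi-account GovCloud setup with real permission sets behind it, that is the difference between an alert and an unintended grant. The Lambda's own execution role should carry only `sso:ListAccountAssignments`, `sso:CreateAccountAssignment` and `identitystore:ListGroups` scoped to the instance.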

The end result?  The customer has a clean and consistent way to manage AWS access that maintains a strong security posture and meets its compliance requirements, with no error-prone manual processes and no duplicated user accounts.  Hooray!

If you are interested in learning more about how Foghorn can help streamline your cloud infrastructure access, drop us a line!
