AWS SSO for AWS Control Tower

What’s new with AWS SSO for AWS Control Tower and what do you like about it?

AWS SSO has become very powerful over the last year or two. It’s become a de facto standard for connecting your identity to AWS. Other companies may have hesitated to use it because it wasn’t as fully featured two years ago, but now it has everything that you would need to connect your active directory into AWS.

You can do things like filtering users while scoping. You can define the scope to be narrow in an OU. If you have a very large footprint in AWS Directory Service, that’s very helpful. It also connects into Azure AD. If you’re a user of that and GCP, it serves both of those very well. It really is a standard now and it’s the default that we use for all deployments.

What are some of the benefits of using AWS SSO for AWS Control Tower over, say, an external SSO provider?

Well, the first thing is that it’s free. AWS does not charge for AWS SSO.If you decide to run an AWS Directory Service instance or another service that’s managed by AWS, there will be charges for that.

But AWS SSO itself is no cost to you and it’s tightly integrated into AWS. So your normal workflow of using AWS APIs to interact with it, are connected in, as part of AWS SSO. And so you can use it, connect to it, you can pull keys and you can use it for CLI access. It’s just all tight knit in one package that you can control all of your footprint in AWS with.

That’s awesome. And you can integrate it with any SAML compliant IDP that’s out there. So to tie this all together, Caylent is recommending AWS SSO for Control Tower, and we offer it as part of our AWS Control Tower Catalyst offering.

If you’re looking to set up secure cloud foundations for your applications on AWS, Caylent’s experts can help you setup multi-account governance and management through our AWS Control Tower Catalyst. Get in touch with our team to learn how we can help!