https://serverless-stack.com/ logo
Join SlackCommunities
Powered by
Does SST work with SSO users (I want to use Contro...
# sst
k
Does SST work with SSO users (I want to use Control Tower and organisations )
a
What is control tower?
I’m using SSO, and SST works fine.
We provide the keys from AWS IAM.
k
a
Oh nice.
Yeah we use this with SSO also, and SST works fine.
I didn’t setup this, was other people.
But my team deployed SST over that.
k
ok sweet so probably we just setup
Copy code
aws configure sso
and use that profile while deploying sweet
a
So SST is going to use the profile, is SSO using that?
k
So I never used SSO before and was wondering if it is somehow different, I think as you said it will be exactly the same
a
Yeah I think so, because this uses access key/secret.
k
Yeah I was wondering if we could use SST without key/secret but using SSO (this should be safer)
a
Yeah I see.
The team who gave me access, they create key/secret for each SSO user.
k
Yeah looking into that maybe it is fine to just use key/secret instead
a
Also those keys are really restricted, to do minimal things.
Also, other good practice is we have 1 account for each env.
And then each dev deploys with their own stage, to account 
development
.
k
Yep that is what I am also thinking, if I create a Dev account it does not really matter how much access the devs have
a
Yeah.
In my case devs doesn’t have permissions to use IAM.
But they can create resources and such, that way we can create a multi-stage workflow.
k
Yep that makes sense
Thanks @Adrián Mouly
f
Hey guys, wanted to chime in quickly. We have an open issue here https://github.com/serverless-stack/serverless-stack/issues/313
I’m not too familiar with SSO, but the last time when I looked at it, it seems CDK hasn’t fully supported it yet.
k
@Frank thanks, I am trying this maybe it works 😅 https://github.com/aws/aws-cdk/issues/5455#issuecomment-713643500
^ this actually worked 🙌
f
Oh nice! 👍
Open in Slack
PreviousNext
Powered by