AWS Access environments in different Organizations using the same account

Question

We manage environments for different customers.

On Microsoft Azure is possible to the same user to be part of different Directories and Subscriptions. It's all matter of invites and permissions.

Is it possible to use the same (email) account to manage environments in different organizations on AWS?

Answer 1

You can create an IAM user for the same person (email address) in multiple AWS accounts. To log into a different account, the person would use the login screen that corresponds to the account they want to access. This is how it works if you are creating IAM users in an account. They would not be linked, so to see a different account they would need to go to a different login url--and likely a separate password even though the email address may be the same. Essentially, they would be separate users in separate accounts, with no linkage.

For enterprises, you can use things like SAML authentication where users would authenticate with their own company, then go to a link like https://signin.aws.amazon.com/saml which will show all of the accounts to which they have access. Then it is just a matter of picking the account to which you want to connect.

See

• https://aws.amazon.com/single-sign-on/?org_product_ft_sso
• https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
• https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html