How do I use AWS Single Sign-On permission sets?

Last updated: 2020-04-23

I want to use AWS Single Sign-On permission sets to provide users and groups access to an AWS account.


Follow these instructions to create permission sets for a user using AWS SSO. Then, confirm the permissions from the user portal. In this example, a federated user is granted the ViewOnlyAccess permission set.

Create a ViewOnlyAccess permission set

  1. Open the AWS SSO console.
  2. In the navigation pane, choose AWS accounts.
  3. Choose the AWS organization tab.
  4. In AWS account, choose the account that you want to create a permission set for, and then choose Assign users.
  5. In Display name, choose the user name that you want to create the permission set for, and then choose Next: Permission sets.
  6. In Select permission sets, choose Create new permission set.
  7. In Create new permission set, choose Use an existing job function policy, ViewOnlyAccess, and then choose Create.
  8. In Permission set, choose ViewOnlyAccess, and then choose Finish.

You receive the message "We have successfully configured your AWS account. Your users can access this AWS account with the permissions you assigned".

Verify that the user has ViewOnlyAccess permission

  1. Choose Proceed to AWS accounts.
  2. In the navigation pane, choose Dashboard.
  3. In User portal, choose your user portal URL.
  4. In the user portal login page, log in to your user portal with your user name and password for the AWS SSO user.
  5. Choose the AWS Account icon.
  6. Choose the account drop-down menu. Note that the account has ViewOnlyAccess permission.
  7. Choose Management console for the ViewOnlyAccess set.

You are signed in to the AWS Management Console with ViewOnlyAccess permission.
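The two procedures above can also be scripted and checked without the console. The following is an added example, not part of the original article: it assumes the boto3 `sso-admin` client, an identity store user ID (not the display name) for `user_id`, and that no permission set named ViewOnlyAccess exists yet. The function names are hypothetical.

```python
import time

# AWS managed job-function policy behind the console's ViewOnlyAccess choice.
VIEW_ONLY_ARN = "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"


def grant_view_only(sso, instance_arn, account_id, user_id, poll_seconds=2):
    """Create a ViewOnlyAccess permission set and assign it to one user."""
    ps_arn = sso.create_permission_set(
        Name="ViewOnlyAccess", InstanceArn=instance_arn
    )["PermissionSet"]["PermissionSetArn"]
    sso.attach_managed_policy_to_permission_set(
        InstanceArn=instance_arn, PermissionSetArn=ps_arn,
        ManagedPolicyArn=VIEW_ONLY_ARN)
    status = sso.create_account_assignment(
        InstanceArn=instance_arn, TargetId=account_id, TargetType="AWS_ACCOUNT",
        PermissionSetArn=ps_arn, PrincipalType="USER", PrincipalId=user_id,
    )["AccountAssignmentCreationStatus"]
    # The assignment is asynchronous: poll until it leaves IN_PROGRESS.
    while status["Status"] == "IN_PROGRESS":
        time.sleep(poll_seconds)
        status = sso.describe_account_assignment_creation_status(
            InstanceArn=instance_arn,
            AccountAssignmentCreationRequestId=status["RequestId"],
        )["AccountAssignmentCreationStatus"]
    if status["Status"] != "SUCCEEDED":
        raise RuntimeError(status.get("FailureReason", "assignment failed"))
    return ps_arn


def verify_view_only(sso, instance_arn, account_id, user_id, ps_arn):
    """True only if the user is assigned and the set grants just ViewOnlyAccess."""
    ids = {"InstanceArn": instance_arn, "PermissionSetArn": ps_arn}
    # First page only; follow NextToken when an account has many assignments.
    assigned = any(
        a["PrincipalType"] == "USER" and a["PrincipalId"] == user_id
        for a in sso.list_account_assignments(AccountId=account_id, **ids)["AccountAssignments"])
    managed = [p["Arn"] for p in sso.list_managed_policies_in_permission_set(**ids)["AttachedManagedPolicies"]]
    inline = sso.get_inline_policy_for_permission_set(**ids).get("InlinePolicy")
    return assigned and managed == [VIEW_ONLY_ARN] and not inline


if __name__ == "__main__":
    import sys
    import boto3  # assumption: boto3 installed, credentials for the SSO admin account
    instance_arn, account_id, user_id = sys.argv[1:4]
    sso = boto3.client("sso-admin")
    arn = grant_view_only(sso, instance_arn, account_id, user_id)
    print(arn, verify_view_only(sso, instance_arn, account_id, user_id, arn))
```

The verification step returns False if any additional managed or inline policy has been attached to the permission set, which the portal check alone does not reveal.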

For more information, see Create Permission Set.

