AWS Organizations: Determine what account to store user identities #15

Open
badra001 opened this issue Dec 14, 2021 · 0 comments
Labels
enhancement New feature or request

Comments

@badra001
Contributor

We want to stop creating IAM user accounts all over the place, which leads to lots of access keys and rotation challenges.

To overcome this, we want a central account into which IAM accounts will be created with access keys, so there is one place to go for the access key. Then, access to all other IAM stuff is via roles with cross-account access.

Other possible solutions include AWS SSO, and this may be implemented in addition to a central account.

The question is, where in the OU does this belong? What other functions can/should this account have?
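The central-account pattern described in this issue, sketched as an added example that is not part of the original issue or the project's code: a member-account role that trusts only the identity account, the matching `sts:AssumeRole` permission on the identity side, and an audit that flags trust policies pointing anywhere else. The account IDs, the role name and all function names are constructed placeholders.

```python
import json
import re

IDENTITY_ACCOUNT = "111111111111"  # constructed placeholder for the central identity account
ARN_ACCOUNT = re.compile(r"^arn:aws:iam::(\d{12}):")

def member_role_trust_policy(identity_account=IDENTITY_ACCOUNT):
    """Trust policy for a role in a member account: only the identity account may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{identity_account}:root"},
            "Action": "sts:AssumeRole",
        }],
    }

def identity_user_policy(member_accounts, role_name):
    """Policy for a user in the identity account: it may only assume the named role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [f"arn:aws:iam::{a}:role/{role_name}" for a in member_accounts],
        }],
    }

def audit_trust_policy(policy, identity_account=IDENTITY_ACCOUNT):
    """Return findings for Allow statements that trust AWS principals outside the identity account."""
    findings = []
    statements = policy.get("Statement", [])
    for i, stmt in enumerate([statements] if isinstance(statements, dict) else statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # Service/Federated principals are out of scope here; only "AWS" entries are checked.
        aws = "*" if principal == "*" else principal.get("AWS", [])
        for p in ([aws] if isinstance(aws, str) else aws):
            m = ARN_ACCOUNT.match(p)
            account = m.group(1) if m else (p if re.fullmatch(r"\d{12}", p) else None)
            if p == "*":
                findings.append(f"statement {i}: wildcard principal")
            elif account != identity_account:
                findings.append(f"statement {i}: trusts {p}, not the identity account")
    return findings

if __name__ == "__main__":
    print(json.dumps(member_role_trust_policy(), indent=2))
```

Running the audit over every role's trust policy in each member account shows which roles can still be reached from somewhere other than the central account.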

@badra001 badra001 added the enhancement New feature or request label Dec 14, 2021