Skip to main content

009 - Use AWS SSO for AWS Account Access

Date: 2021-05-01

Status

✅ Accepted

Context

We need to use Single Sign On to access all our AWS accounts. We currently use AzureAD for securing access to many of our services.

Decision

We will use the Modernisation Platforms implementation of AWS Single Sign On. It is being used by many teams already so means less development time forour growing team. It does require the use of a MoJ Org GitHub account, but that requirement only further facilitates using infrastructure as code within our AWS accounts.

Alternative Considerations:

AzureAD

AzureAD is currently managed externally, this means that automating user and groups is not possible which limits its potential.

This page was last reviewed on 7 November 2024. It needs to be reviewed again on 7 May 2025 by the page owner #nvvs-devops .
This page was set to be reviewed before 7 May 2025 by the page owner #nvvs-devops. This might mean the content is out of date.