Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Disable programatic access for AWS SSO user

is there a way to disable programmatic access for users Signing in using AWS SSO? Is it possible to control the programmatic and console access using polices or Groups?

like image 534
George Jose Avatar asked May 04 '21 19:05

George Jose


People also ask

How do you control programmatic access?

With programmatic access control, a matrix of user privileges is stored in a database or similar and access controls are applied programmatically with reference to this matrix.

How do I enable programmatic access for an existing user in AWS?

Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/ . Choose Users in the navigation pane, choose the name of the user whose permissions you want to modify, and then choose the Permissions tab. Choose Add permissions, and then choose Copy permissions from existing user.

How do I disable a user from programmatically accessing AWS resources?

To disable a user from programmatically accessing AWS resources, you can delete their access keys. Below is the command to delete access keys of a user. You can also temporarily disable access keys by marking them as ‘Inactive’. Below is the command to mark access keys as ‘Inactive’:

How do I allow users to access AWS Management Console?

To allow users access to the AWS Management Console and AWS Command Line Interface (AWS CLI), you have two options. The first one is to create identities and allow users to log in using a username and password managed by the IAM service. The second approach is to use federation

How do I access AWS SSO?

Access to AWS SSO requires credentials that AWS can use to authenticate your requests. Those credentials must have permissions to access AWS resources, such as an AWS SSO application. Authentication to the AWS SSO user portal is controlled by the directory that you have connected to AWS SSO.

Can the AWS administrator freeze the programmatic access to the AWS account?

In case there is a security breach and the access key and secret key is exposed to the outside world, can the AWS account administrator freeze the programmatic access to the AWS account? You can disable or delete an Access Key. You must disable access keys one at a time. There is no "global" disable or delete for access keys.


Video Answer


1 Answers

No, you cannot prevent users to login and deny the programmatic access, because once users sign-in they have option to get required details to access programmatically.

like image 114
yatheendra k v Avatar answered Oct 19 '22 06:10

yatheendra k v