Authorization

When you add an card to a flow for the first time, you'll be prompted to configure the connection to the relevant AWS IAM Identity Center account. After saving your account information you'll be able to reuse the connection for future flows.

Tip

Tip

You can create multiple connections and manage them from your Connections page.

To create a new connection from an action card:

  1. Click New Connection.

  2. Enter a Connection Nickname. This is useful if you plan to create multiple AWS IAM Identity Center connections to share with your team.

  3. Copy the ID from Account ID to the associated role's trust policy. See Providing access to AWS accounts owned by third parties.

  4. Copy the ID from External ID the associated role's trust policy. See Providing access to AWS accounts owned by third parties.

  5. Enter a Role Amazon Resource Name (ARN). See IAM Identifiers.

  6. Click Create.

Note

The role you create for operations must have an IAM policy attached to it that allows the actions in the following policy example:

Copy 
{
    "Version": "2012-10-17",
    "Statement": 
        [
            {
                 "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": 
                    [
                    "sso:ListAccountAssignments",
                    "organizations:ListAccounts",
                    "sso:ListPermissionSets",
                    "sso:CreateAccountAssignment",
                    "sso:ListInstances",
                    "sso:DeleteAccountAssignment",
                       ]
                    "Resource": "*"
                }
            ]
}

Related topics

AWS Multi-Account Access connector

Elements of Workflows

AWS IAM Identity Center API Reference Guide