AWS
UFIT has an AWS organization that utilized a central SSO configuration. When a new AWS account is created it is placed in our organization and is automatically associated with UFs AWS SSO configuration. UFs AWS SSO utilizes Shibboleth and Gatorlink IDs for access control. Different roles are created per account to allow users the appropriate access to perform required tasks.
GUI
- Navigate to UFs AWS SSO Login Page: https://d-9067071075.awsapps.com/start
- Authenticate using your Gatorlink credentials.
- Select the account you want to manage.
- With the account expanded click the "Management Console" link for the account role you want to access the account with.
- There may be more than one role available to you depending on the access patterns required for your service.
CLI / API Programmatically (scripting)
- Install the AWS CLI v2 (not version 1) on your machine: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
- Open a terminal in your machine:
- Create a new sso profile by running the command:
aws configure sso
- The SSO region is:
us-east-1
- Login with your GLID credentials and Allow the request
- Select the account and role you would like to use the profile to connect to.
- The SSO region is:
- Log into your newly configured sso profile by running the command:
aws sso login --profile [CLI profile name]
- Login with your GLID credentials and Allow the request
- Create a new sso profile by running the command:
- If the request shows as approved you can close the browser window and go back to your terminal.
- Your terminal should display the following message:
- Successfully logged into Start URL: https://d-9067071075.awsapps.com/start
CLI / API Manually
- Navigate to UFs AWS SSO Login Page: https://d-9067071075.awsapps.com/start
- Authenticate using your Gatorlink credentials.
- Select the account you want to manage.
- With the account expanded click the "Access Keys" link for the account role you want to access the account with.
- There may be more than one role available to you depending on the access patterns required for your service.
CLI w/ EC2 Server Access
- Install the AWS Session Manager plugin on your machine: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
- Follow the instructions in the "CLI/API Programmatically" section above.
Non-SSO
When required and approved, UFIT can create IAM users that can be assigned access keys that can be used to authenticate.