
AWS service Account using AWS OOTB connector.

Murari
New Contributor II

Hi Team,

Can we create an AWS service account using the AWS OOTB connector? If yes, which connection option should we use?

Option 1: EIC Trusts each AWS Account
Option 2: EIC Trusts the First Cross Account

Could you please assist? 

Thanks

Murari


rushikeshvartak
All-Star

Creating an AWS service account using an AWS Out-Of-The-Box (OOTB) connector depends on the context and the specific requirements of your AWS environment.

Understanding the Connection Options

  • Option 1: EIC Trusts each AWS Account
    • This means that the Enterprise Identity Connector (EIC) establishes a trust relationship with each individual AWS account.
    • This is useful in environments where you have multiple AWS accounts and need to establish direct and separate trust relationships with each one.
  • Option 2: EIC Trusts the First Cross Account
    • In this setup, the EIC establishes a trust relationship with a primary AWS account, and then this primary account manages access to other AWS accounts.
    • This is useful in environments where you want to centralize the trust and management through a single account, often referred to as a hub-and-spoke model.

Choosing the Right Option

The choice between these options depends on the structure and management preferences of your AWS environment:

Option 1: EIC Trusts Each AWS Account

Pros:

  • Direct control and individual trust relationships with each AWS account.
  • Easier to manage permissions and roles on a per-account basis.

Cons:

  • Can become complex to manage if you have a large number of AWS accounts.
  • Each new account requires setting up a new trust relationship with the EIC.

Use Case:

  • Ideal for organizations with fewer AWS accounts or those preferring direct and explicit control over each account.

Option 2: EIC Trusts the First Cross Account

Pros:

  • Simplifies the management of multiple AWS accounts by centralizing the trust relationship.
  • Easier to manage roles and permissions centrally from one account.
  • Efficient in large-scale environments with many AWS accounts.

Cons:

  • Adds an additional layer of complexity and dependency on the central account.
  • Requires careful management of the trust and roles in the central account to avoid security risks.

Use Case:

  • Ideal for organizations with a large number of AWS accounts or those preferring centralized management and control.
  • Commonly used in multi-account AWS environments where a central governance model is implemented.

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
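As an added illustration (not from the post above and not Saviynt's own configuration), the two trust shapes described in the reply expressed as IAM role trust policies, plus the checks a defender would run on the central account's trust policy in Option 2. All account IDs, role names and the ExternalId are constructed placeholders.

```python
# Constructed, hypothetical identifiers: none of these come from the forum post.
EIC_PRINCIPAL = "arn:aws:iam::111111111111:role/eic-connector"  # principal EIC authenticates as
HUB_ROLE = "arn:aws:iam::222222222222:role/eic-hub-role"        # Option 2: central (hub) account role
SPOKE_ACCOUNTS = ["333333333333", "444444444444"]               # member (spoke) accounts

def trust_policy(trusted_arn, external_id):
    """Trust policy that lets exactly one principal assume the role, gated by an
    ExternalId so a third party cannot use the role via a confused-deputy path."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": trusted_arn},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def option1_policies(external_id):
    """Option 1: every account's role trusts the EIC principal directly (N trusts)."""
    return {acct: trust_policy(EIC_PRINCIPAL, external_id) for acct in SPOKE_ACCOUNTS}

def option2_policies(external_id):
    """Option 2: only the hub role trusts EIC; each spoke role trusts the hub role."""
    policies = {"222222222222": trust_policy(EIC_PRINCIPAL, external_id)}
    policies.update({acct: trust_policy(HUB_ROLE, external_id) for acct in SPOKE_ACCOUNTS})
    return policies

# A weak hub trust policy for contrast: trusts the whole account and has no ExternalId.
WEAK_HUB_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
    "Action": "sts:AssumeRole"}]}

def trust_findings(policy):
    """Flag wildcard principals, whole-account (:root) trust and missing ExternalId."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principals = stmt.get("Principal", {})
        aws = principals.get("AWS", []) if isinstance(principals, dict) else principals
        aws = [aws] if isinstance(aws, str) else list(aws)
        for p in aws:
            if p == "*":
                findings.append("wildcard principal")
            elif p.endswith(":root"):
                findings.append("whole-account trust: " + p)
        if "sts:ExternalId" not in stmt.get("Condition", {}).get("StringEquals", {}):
            findings.append("no ExternalId condition")
    return findings
```

In Option 2 the hub role is the single point the rest of the estate depends on, so its trust policy is the one to review first; `trust_findings` returns an empty list for the strict policy and lists each weakness of `WEAK_HUB_TRUST`.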