AWS Config Rule: SSO Instance Enabled


Ryan Ware

Last Update 2 years ago

Description: Checks if the Organization Management Account (CloudZone Primary Account) has an AWS SSO Instance Enabled. The Config Rule will return NON_COMPLIANT if there is no AWS SSO Instance Enabled in this account.

AWS Region: All supported AWS regions

Trigger type: Periodic

How To Resolve Manually

AWS SSO Instances must be enabled in the Organization's Management account, or CloudZone Primary account. 

To Enable AWS SSO, you must first sign into your AWS organization's management account. For more information, see AWS SSO Prerequisites

Once you are in the correct AWS Account, you will need to head on over to the SSO Console and choose Enable AWS SSO

If you have not yet set up AWS Organizations, you will be prompted to create an Organization. Choose Create AWS Organization in order to complete this process.

Once you have enabled AWS SSO, you should see a dashboard screen such as this, which can help you complete the setup should you wish to take advantage of AWS SSO.

As it stands without these steps however, you do have an AWS SSO Instance, therefore this config rule will be COMPLIANT during the next check.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us