Setting up AWS IAM Identity Center and AWS Explorer in VS Code

Anupam Misra
4 min read · Nov 27, 2023

A guide to setup VS Code for AWS Explorer

The steps to be followed in IAM Identity Center are:

  1. Enable Identity Center with organisation
  2. Create a user
  3. Create a permission set
  4. Assign permission sets to accounts in the organisation

Enable Identity center:

Enable it with your organisation so that users can be added. These users will appear as accounts. Later, different permission sets will be assigned to different users.

Enabling Identity Center

Notice the start URL. This URL will be used to log in to your organisation’s applications. In this article we will create just one application.

Create a start URL for the account

Notice the AWS Organisation that was created. It will appear with your account name as the management account for the organisation.

AWS Organizations

Create a user:

You would also create a user with a temporary password. During their first login, they reset it to a password of their choosing. You may add further users to your organisation in the same manner.

Newly created user

Create a permission set:

From the left pane in the IAM Identity Center, create a permission set as shown below. Permission sets grant users access to services such as S3. Here, as we ourselves are using the account, we are going ahead with administrative access. In an organisation you would follow the Principle of Least Privilege when assigning service access to a user.

Assign permission sets to user accounts in the organisation:

After following through the above steps, it is time to verify!

In your IAM Identity Center, notice the AWS access portal link in the right-hand panel.

IAM Identity center

That link would open up to:

AWS organisation URL login

It will ask you to set up MFA and reset your password. Once logged in, you will be able to see the organisation account:

AWS organisation account

Once you go to the management console, you will be able to see the permission set that was applied to this user, Anupam_Misra. If a custom permission set was created, its name would appear before the /user_name in the top right corner.

Created user’s management console

Accessing AWS Explorer in VS Code

Notice the account ID in the user’s management console.

In VS Code, install the AWS Toolkit from the Extensions view. Click on “Add new connection”.

In AWS Explorer, enter the AWS start URL and the region, then click “Sign In”. A code will be displayed in the pop-up. Ensure that the same code appears in the AWS browser window that opens. It will ask you to confirm, after which you can close the window.

After the verification is done, return to VS Code and click on “Connected to …” in the left pane. The account number from the management console will appear here. Once you click on it, you will be able to see your AWS resources.

AWS resources visible in VS Code
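The same four values the Toolkit asks for (start URL, region, account ID and permission set name) also define an AWS CLI profile, which is a handy way to confirm from a terminal which permission set a user actually received. The script below is an added example, not part of the original post or of the Toolkit; the function names `validate_sso_inputs` and `write_sso_profile`, the session and profile names, and every URL and ID in it are placeholders to be replaced with your own.

```shell
#!/bin/sh
# Added example (not from the original post). Writes the ~/.aws/config entries that
# correspond to the values collected in the article: Identity Center start URL,
# its region, the account ID from the management console, and the permission set
# name, which the CLI calls sso_role_name. All values used below are placeholders.

# Validate inputs first: a typo here only surfaces as a confusing error at login.
validate_sso_inputs() {
    start_url=$1; account_id=$2; role_name=$3
    case "$start_url" in
        https://*.awsapps.com/start|https://*.awsapps.com/start/*) ;;
        *) echo "start URL must look like https://<id>.awsapps.com/start" >&2; return 1 ;;
    esac
    case "$account_id" in
        *[!0-9]*|'') echo "account ID must be numeric" >&2; return 1 ;;
    esac
    [ "${#account_id}" -eq 12 ] || { echo "account ID must be 12 digits" >&2; return 1; }
    [ -n "$role_name" ] || { echo "permission set name is required" >&2; return 1; }
    return 0
}

# Append an sso-session block and a profile that uses it to the given config file
# (pass ~/.aws/config for real use; a scratch file is used in the example run).
write_sso_profile() {
    config_file=$1 session=$2 profile=$3 start_url=$4 sso_region=$5 account_id=$6 role_name=$7
    validate_sso_inputs "$start_url" "$account_id" "$role_name" || return 1
    cat >> "$config_file" <<EOF
[sso-session $session]
sso_start_url = $start_url
sso_region = $sso_region
sso_registration_scopes = sso:account:access

[profile $profile]
sso_session = $session
sso_account_id = $account_id
sso_role_name = $role_name
region = $sso_region
EOF
}

# Example run with constructed placeholder values (not a real organisation).
write_sso_profile ./aws-config.example my-org admin-dev \
    https://d-0123456789.awsapps.com/start us-east-1 111122223333 AdministratorAccess
```

With the profile in `~/.aws/config`, `aws sso login --profile admin-dev` performs the same browser-based device authorisation the Toolkit does, and `aws sts get-caller-identity --profile admin-dev` shows the permission set name in the returned ARN.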
