cancel
Showing results for 
Search instead for 
Did you mean: 

RDP to EC2 instances via JumpCloud SSO

shawnsong
Rising Star II
Rising Star II

Hi Folks,

I hope you all had a fantastic summer break and are fully recharged for Q4 2023!

It's Friday again, and what better time to share the joy of a cool AWS project with JC?

Let's take a revisit of setting up SSO for AWS IAM Identity Center. Once you've got that up and running, you're actually just a few steps away from extending this SSO functionality to RDP for a Windows instance.

Time to dive in!

 

Prerequisites

 

Setting It Up

  1. Create a user group in JC and bind to the AWS SSO you created. shawnsong_0-1697771344264.png
  2. Recommend setting this group up for dynamic membership. shawnsong_1-1697771344301.png
  3. The group and users will be provisioned to AWS IAM Identity Center thanks to the SCIM integration we setup alongside with the SSO. 
  4. On AWS, go to IAM (not IAM Identity Center), create a customer managed policy - you can copy over the template here.shawnsong_2-1697771378859.png
  5. Then, follow the steps here (starting from: “To assign your AWS IAM Identity Center group”)  to assign the policy to the permission set -> group -> sub accounts. 
  6. Now, create the instances in the same region as your IAM Identity Center - you will get a banner when accessing the Identity Center not in its origin.shawnsong_3-1697771404599.png
  7. Login to your JC user portal and jump over to AWS:shawnsong_4-1697771422752.png
  8. Go to Systems Manager -> Fleet manager, select the instance you wanted to access.shawnsong_5-1697771480928.png
  9. Select SSO:shawnsong_6-1697771480949.png

Tada! This is the user created on the spot by AWS according to your JC user! (The RDP session is embedded in my Chrome tab, which is very nice.) shawnsong_8-1697771545269.pngshawnsong_9-1697771574551.png

Benefits

That’s it! Hope you enjoy it, and thanks for reading this far.  

Happy Friday folks, catch you up on the next one!

 

0 REPLIES 0