How to access Amazon S3 via Single Sign-On
AWS Single Sign-On (AWS SSO) is a cloud service that allows you to grant your users access
to AWS resources, such as Amazon S3, across multiple AWS accounts.
With S3 Browser you can easily work
with Amazon S3 via AWS SSO, it provides user-friendly way to configure Amazon S3 access via the Single Sign-On service.
To configure Amazon S3 via AWS Single Sign-On:
1. Start S3 Browser and click Accounts -> Add New Account.
Click Accounts -> Add New Account
The Add New Account dialog will open:
New Amazon S3 via AWS SSO account dialog.
2. Choose the Amazon S3 via SSO account type
3. Enter single sign-on account details:
Start URL - the URL that points to the organization's AWS SSO user portal.
SSO Region - the AWS Region that contains the AWS SSO portal host.
Account ID - the AWS account ID that contains the IAM role you want to use.
Role name - the name of the IAM role that defines the user's permissions.
8. Click Add new account
You can now choose the newly added account from the accounts menu:
Click Accounts -> Account Name to switch between accounts.
Advanced Account Settings
You may also configure additional settings when adding new or editing existing account.
In order to open advanced account settings, please click the advanced settings link
located at the bottom left corner of the dialog.
The Advanced Account Settings dialog will open:
Advanced account settings
You may configure the following settings here:
List all my buckets when account assigned - if checked, S3 Browser performs s3:ListAllMyBuckets
call when account is assigned. You may uncheck this for accounts that are not allowed to list all buckets
to avoid failed tasks and warnings in the log.
Check CloudFront distributions when account assigned - if checked, S3 Browser performs cloudfront:ListDistributions
call when account is assigned to set special icon for buckets that are used as origin for CloudFront distributions.
You may uncheck this for accounts that are not allowed to list CloudFront distributions to avoid failed tasks and warnings in the log.
External Buckets - you may edit external buckets associated with the account. Each bucket must be specified on a new line.
Optional path is also supported, slash is used as delimiter, for example my-bucket/and/optional/path
|