Use AWS Orgs

What’s AWS SSO called now?

• AWS Identity Center: Includes on-prem capability

What’s AWS Identity Center do?

• Syncs with Active Directory and such

How can you implement AWS security best practice for root/admin?

• 2fa
• Don’t use root accounts often

How to set max permissions that an identity-based policy can grant an IAM entity?

• Create a permissions boundary