AWS - Hidden SSO configurations
- Sagar Salokhe (Unlicensed)
AWS Organization App is the Parent App to AWS apps in Zilla.
When we sync AWS Organization App with Discover Child Apps as Yes, It automatically discovers all the member AWS accounts of the AWS Organization and creates respective AWS apps in Zilla.
It also adds the below configurations to these discovered child AWS apps.
Zilla IAM Reader Role Arn (Visible)
Zilla SSO Master Role Arn (Hidden)
SSO Instance Arn (Hidden)
SSO Identity Store ID (Hidden)
Account ID (Hidden)
SSO Region (Hidden)
The first configuration (i.e Zilla IAM Reader Role Arn) is only visible configuration in AWS child Apps. All other configurations are required for SSO sync and are hidden.
User Should not edit the configurations of the AWS Child Apps manually.
If User manually edits the visible configurations of the AWS Child App (i.e. Zilla IAM Reader Role Arn, Sync frequency, enable/disable sync), then it will remove the hidden SSO configurations of this child app. And after syncing this AWS app, the SSO accounts from this app will get marked deleted as the SSO configurations are missing.
To Resolve this scenario,
After manually editing the configurations, do not sync the AWS apps immediately. First sync its Parent AWS Organization App with “Discover child Apps” set to Yes. This will discover the child AWS apps again and will add the SSO configurations to them. If you set the “Auto Sync AWS child apps” to Yes, the child AWS apps will get sync automatically. Now the SSO accounts will get synced again in the AWS child apps