Attribute-based access control - AWS Single Sign-On

Attribute-based access control

Attribute-based access control (ABAC) is an authorization strategy that defines permissions based on attributes. You can use AWS SSO to manage access to your AWS resources across multiple AWS accounts using user attributes that come from any AWS SSO identity source. You can then reference these user attributes in AWS SSO permission sets and resource-based policies to implement ABAC for AWS resources and simplify permissions management at scale.

For information about how to configure ABAC using the AWS SSO console, see Attributes for access control. For information about how to enable and configure ABAC using the AWS SSO APIs, see CreateInstanceAccessControlAttributeConfiguration in the AWS SSO API Reference Guide.

For information about how ABAC works with IAM, see What is ABAC for AWS? in the IAM User Guide.
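The following is an added example, not taken from the AWS documentation, showing the two pieces described above: a request body for CreateInstanceAccessControlAttributeConfiguration and a permission set policy that compares a resource tag to the user attribute passed as a principal tag. The `CostCenter` attribute, its source path, the EC2 actions and the `is_allowed` helper (a simplified local model, not IAM's evaluation engine) are assumptions chosen for illustration.

```python
# Added example. CostCenter, the source path and the ARN argument are assumptions.

def attribute_config(instance_arn):
    """Request body for the sso-admin CreateInstanceAccessControlAttributeConfiguration API."""
    return {
        "InstanceArn": instance_arn,  # caller supplies the real instance ARN
        "InstanceAccessControlAttributeConfiguration": {
            "AccessControlAttributes": [
                {"Key": "CostCenter",
                 "Value": {"Source": ["${path:enterprise.costCenter}"]}},
            ]
        },
    }

def abac_policy():
    """Permission set inline policy: allow only when the resource tag equals the user's tag."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": "*",
            "Condition": {"StringEquals": {
                "aws:ResourceTag/CostCenter": "${aws:PrincipalTag/CostCenter}"}},
        }],
    }

def is_allowed(policy, action, principal_tags, resource_tags):
    """Hypothetical, simplified model of the StringEquals tag match (default deny)."""
    prefix = "${aws:PrincipalTag/"
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        matched = True
        for key, expected in stmt["Condition"]["StringEquals"].items():
            resource_tag = key.split("/", 1)[1]
            principal_value = principal_tags.get(expected[len(prefix):-1])
            # A tag missing on either side never matches, so access is denied.
            if principal_value is None or resource_tags.get(resource_tag) != principal_value:
                matched = False
        if matched:
            return True
    return False
```

One policy serves every cost center: the outcome changes with the user's attribute and the resource's tag, not with the policy text.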