Entering Approver when Using AWS SSO with Only Roles


You are setting up Approvers in CloudFix where it is asking for an IAM user. Since you use AWS SSO to login to AWS accounts, only roles can be assumed and so, you need a way to approve Change Templates.


We need to create an IAM user that can approve Change Templates created by CloudFix. Follow the below steps:

  1. Login to your AWS account that you have onboarded to CloudFix through your current AWS SSO Login, but pick a role that grants you Admin permission.
  2. Use that login session to create IAM User and make it part of the templateapprover and changerequestapprover groups, that should already be in your IAM Groups.
  3. Logout of the CloudFix session.
  4. Log back into the CloudFix account, refresh the approver's list and your newly added IAM user will be there. Once confirmed, move to the next step.
  5. Use this newly define IAM User to log into your onboarded AWS account and you should be able to approve the Change Templates.

Related Article

Adding Template Approver



Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request