(Also see - Functional Roles and AWS managed policies)

Permissions Set  and SSO Groups

SSO Groups are created within AWS IAM (they come directly from the IdP). The actual permissions on these SSO groups are undefined.

A permission set allows the definition of these permissions. Any managed policy or custom policy can be attached to these SSO groups.

These permission sets (attached policies) are time bound (session duration)

ADFS Groups

ADFS groups are created using the AD Managed Provider in AWS. To these groups, any managed policy can be attached. These are not time bound (like the SSO group above)



Need an experienced AWS/GCP/Azure Professional to help out with your Public Cloud Strategy? Set up a time with Anuj Varma.