Centralized user repository

It is recommended to use centralized user repositories such as AWS Directory Services (Active Directory/SimpleAD), Okta, Auth0, PingIdentity, OneLogin, Azure Active Directory, IBM Cloud Identity, etc. ideally integrated to AWS SSO to provide temporary credentials to users accessing AWS.

It is also important that the repository is integrated with the human resources management system to propagate employee terminations (either through an identity management system or directly into the centralized authentication repository).

AWS SSO

Well Architected Framework Recommendation Mapping

Pricing

AWS Single Sign On is a free AWS service that makes it easy to manage identities across multiple accounts.