Add a section about switching between IAM and SSO and more

[diego-ojeda-binbash]

What?

• Add a section about switching between IAM and SSO
• Reword a miss-reference to IAM being the default method supported by Leverage

References

• Enhancement | Document the process for configuring SSO workflow #224

[coderabbitai]

Walkthrough

Adds a new “Switching between AWS IAM and AWS IAM Identity Center (AWS IIC)” section with troubleshooting and revised “Next Steps” in credentials docs, and rephrases wording in GPG identities docs to reference the base-identities layer and IAM module for encrypted credential management.

Changes

Cohort / File(s)	Summary of Changes
Docs: AWS ref architecture credentials and identities docs/user-guide/ref-architecture-aws/credentials.md, docs/user-guide/ref-architecture-aws/features/identities/gpg.md	Credentials: adds AWS IAM ↔ AWS IIC switching guidance, inserts troubleshooting warning, updates “Next Steps” phrasing/links. Identities (GPG): rephrases description to follow base-identities layer using IAM module for encrypted credentials; minor wording cleanup.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title Check	❓ Inconclusive	The title correctly mentions the addition of a section on switching between IAM and SSO but uses the vague phrase “and more,” which does not clearly convey the other significant change in the pull request. This lack of specificity makes the title too generic rather than fully descriptive of the key updates.	Please revise the title to clearly summarize the primary change and explicitly reference the other key update instead of using “and more,” for example: “Add AWS IAM/SSO switching section and reword GPG identities guide.”

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 224/adjust-sso-iam-sections

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

docs/user-guide/ref-architecture-aws/credentials.md (1)

12-14: Clarify guidance and make link text descriptive

Link text like “here” and “this guide” violates our accessibility/docs standards (see markdownlint MD059) and makes the navigation harder for readers. The phrase “plus other things to make it work” is also vague; we should either spell out the remaining steps or explicitly point back to the configuration guide sections that list them. Please rephrase with descriptive anchors and concrete guidance. For example:

-1. ... as explained [here](/user-guide/ref-architecture-aws/features/sso/configuration/). You'll need to set MFA to false ... configure SSO variables in the common.tfvars file, plus other things to make it work.
+1. ... as explained in the [AWS IAM Identity Center configuration guide](/user-guide/ref-architecture-aws/features/sso/configuration/). You'll need to set `MFA=false` in [build.env](/user-guide/leverage-cli/extending-leverage/build.env), configure the SSO variables in `common.tfvars`, and apply the remaining account and permission-set settings documented in that guide.
-2. ... going through [this guide](/user-guide/ref-architecture-aws/features/identities/identities/#setting-up-user-credentials) ...
+2. ... going through the [IAM user credential setup guide](/user-guide/ref-architecture-aws/features/identities/identities/#setting-up-user-credentials) ...

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 060389b and c8b7257.

📒 Files selected for processing (2)

• docs/user-guide/ref-architecture-aws/credentials.md (1 hunks)
• docs/user-guide/ref-architecture-aws/features/identities/gpg.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

docs/**/*.md

📄 CodeRabbit inference engine (CLAUDE.md)

Edit and maintain documentation content as Markdown files under docs/

Files:

• docs/user-guide/ref-architecture-aws/credentials.md
• docs/user-guide/ref-architecture-aws/features/identities/gpg.md

{docs/**/*.md,*.md}

📄 CodeRabbit inference engine (.cursor/rules/doc-binbash-leverage.mdc)

{docs/**/*.md,*.md}: Follow binbash Leverage terminology and architectural concepts as defined in this rule file across all documentation content
Always reference official sources (linked docs and repositories) as the primary truth
Align recommendations with the AWS Well-Architected Framework
Consider the multi-layer architecture (Network, Security, Shared, Apps) when providing guidance
Account for the multi-account organizational structure (Management, Security, Shared, Apps/Workloads)
Prefer using existing Terraform/OpenTofu modules from the Leverage library before custom solutions (Module-First)
Emphasize security by design, compliance, and governance in recommendations
Provide practical, actionable, and tested implementation guidance
Show concrete Leverage CLI commands for operations and workflows
For architecture topics, reference specific documentation sections and established patterns from the reference architecture
For architecture topics, consider layer dependencies and account boundaries
For module usage, reference module documentation, examples, and the Makefile module list for versions
For module usage, follow established naming and tagging conventions
For CLI operations, reference credential management and Docker-based execution context, and include troubleshooting tips
For troubleshooting, cover common credential/config issues, layer dependencies, account setup, and CLI version compatibility
Reference the provided essential resources and repositories when guiding users (Leverage docs site, core repos, PyPI package)

Files:

• docs/user-guide/ref-architecture-aws/credentials.md
• docs/user-guide/ref-architecture-aws/features/identities/gpg.md

{mkdocs.yml,docs/**/*.md}

📄 CodeRabbit inference engine (.cursor/rules/doc-binbash-leverage.mdc)

{mkdocs.yml,docs/**/*.md}: Maintain consistency with existing documentation structure and navigation
Organize content according to the documented sections (Concepts, Try Leverage, User Guide, How It Works, Work With Us, Key Feature Documentation)

Files:

• docs/user-guide/ref-architecture-aws/credentials.md
• docs/user-guide/ref-architecture-aws/features/identities/gpg.md

🪛 markdownlint-cli2 (0.18.1)

docs/user-guide/ref-architecture-aws/credentials.md

12-12: Link text should be descriptive

(MD059, descriptive-link-text)

[exequielrafaela]

• https://leverage.binbash.co/user-guide/ref-architecture-aws/credentials/
• https://leverage.binbash.co/user-guide/ref-architecture-aws/features/sso/overview/
• https://leverage.binbash.co/user-guide/ref-architecture-aws/features/identities/overview/