What is the real use of the Identity Center and how does it stand next to IAM

0

I am setting up my organisation with my management account and am logged in as an IAM user. I would like to log in via SSO, so I thought about giving Identity Center a try. But after reading the docs, I am not sure what the real use case of the Identity Center is. What kind of users should be logging in via the Identity Center, and what kind via IAM?

Since the Identity Center is region locked, will users logging in via the Identity Center be able to access (CRUD) resources in other regions? If not, should admin level users always use IAM to login?

2 Answers
3
Accepted answer

You can still access your AWS account in Identity Center and still use other regions.
The advantage of the "IAM Identity Center" is that unlike IAM users, there is no need to create users for each AWS account.
The management account will be able to manage everything.
This is a great benefit for customers who have multiple AWS accounts.
The "IAM Identity Center" can also issue access keys that expire in a few hours, making them more secure than permanent access keys for IAM users.
https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html

EXPERT
answered a year ago
  • Regarding "You can still access your AWS account in Identity Center and still use other regions" I need some clarity. Do you mean that if I create the Identity Center in US East, then a user signing in through the Identity Center (and not as an IAM user) can create resources in Asia Pacific?

  • Yes, that is correct.
    Even if you set up an "IAM Identity Center" in US East, you can create resources in other regions.

1

One thing to note (although this wasn’t your concern) is that IdC does have a dependency on one region. Meaning that there’s a small chance that if that region has an event that makes it inaccessible, IdC won’t work at all - and all users won’t be able to log in. Although a whole region being inaccessible is unlikely, it’s possible - and AWS recommends having a “break glass” ability to log in with IAM just in case.

or-3
answered a year ago
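Both answers above (SSO sign-in in one region reaching resources in another, and keeping an IAM "break glass" path) can be expressed in a single AWS CLI configuration. The following `~/.aws/config` is an added example, not from the thread or from AWS; the start URL, account ID, role name and profile names are placeholders you would replace with your own.

```ini
# Identity Center (IdC) itself lives in one region: sso_region.
# This is the only place that region appears; it does not limit
# where the resulting credentials can be used.
[sso-session my-org]
sso_start_url = https://d-EXAMPLE.awsapps.com/start   ; placeholder
sso_region = us-east-1
sso_registration_scopes = sso:account:access

# Profile that signs in through IdC but works in Asia Pacific.
# Credentials are short-lived (hours), as the accepted answer notes.
# Usage:  aws sso login --sso-session my-org
#         aws sts get-caller-identity --profile admin-apac
#         aws s3 ls --profile admin-apac   ; runs against ap-southeast-1
[profile admin-apac]
sso_session = my-org
sso_account_id = 111122223333          ; placeholder
sso_role_name = AdministratorAccess    ; permission set name, placeholder
region = ap-southeast-1
output = json

# Break-glass profile for when the IdC home region is unavailable.
# It uses a long-lived IAM user access key stored under the same
# profile name in ~/.aws/credentials, so it has no dependency on IdC.
# Keep the key offline, MFA-protected, and alert on any use of it.
[profile break-glass]
region = us-east-1
output = json
```

The `region` in a profile and the `sso_region` of the session are independent settings, which is exactly why a user signing in through an Identity Center in US East can create resources in Asia Pacific.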
