1 Answer
- Newest
- Most votes
- Most comments
1
Hi, when using AWS Identity Center, programmatic access credentials become temporary. This fits more within the best practice recommendations of not having long life credentials. The AWS CLI can support integration with IAM Identity Center, https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html. A user would run the CLI login process. It will retrieve a temporary Access Key ID and Secret Access Key and use those for the session. The duration of the session can be configured within the Identity Center permission set. IAM based credentials can still be used, but the recommendation is they are limited to Service Access (as an example Automation tools or SaaS products that need access).
answered 2 years ago
Relevant content
- Accepted Answerasked 9 months ago
- asked 7 months ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated a year ago
Thanks Jimmy. My scenario is what you are referring to in the last sentence...I need an account for Service Access, so it sounds like IAM is still the goto for that scenario. I appreciate the additional context for the CLI login process with the temp keys.