IAM Identity Center enables you to manage workforce user access to multiple AWS accounts and cloud applications, whereas an IAM user is a user native to one account and can only access the account in which it was created.
Through IAM Identity Center, you can have an identity source and enable permissions for multiple accounts for the same user, whereas for an IAM user, multi-account access is not possible unless the IAM user in Account A is granted permissions explicitly and the other account (Account B) also allows that IAM user (in Account A) to access resources in Account B.
While creating an IAM user, when you choose "Provide user access to the AWS Management Console", AWS recommends using IAM Identity Center instead of an IAM user, because through IAM Identity Center it's a lot easier to manage users and their access across multiple AWS accounts; by contrast, an IAM user is just for the specific account where it's created.
I'm attaching a snapshot, which shows exactly why you should choose one over the other.
If you have created an IAM user, then you can log in through the URL https://<account>.signin.aws.amazon.com/console and use the user name and password.
If you have created a user in IAM Identity Center, then go to the IAM Identity Center console, go to the Users section, select the user you created and choose reset password:
It'll give you following two options:
- Send an email to the user with instructions for resetting the password
- Generate a one-time password and share the password with the user
Choose the second one, reset it, and after the reset a pop-up window will give you the login URL and password, which you'd use to log in.
AWS IAM Identity Center is the successor to AWS Single Sign-On (SSO) and fits well for accessing multiple AWS accounts.
Additionally, take a look at https://repost.aws/questions/QUxQ4HoFtpTKeNFvHA4VoKKw/what-is-the-difference-between-a-user-created-in-iam-and-a-user-created-in-iam-identity-center
Hope this helps you get clarity between the two; feel free to comment here if you have further questions. If this answer helped you, please accept the answer.
PS: Unless you have an organizational requirement that necessarily calls for IAM Identity Center users (multi-account access), an IAM user would serve the purpose, and it can be created as I mentioned in the snapshot.
Also note that Identity Center and IAM users have different login URLs; depending on the type, only one of the two possibilities will work. Identity Center is typically recommended when you have a reasonable number of users, and/or if you use Organizations to manage your workforce. Those users are not IAM users, but federated ones (even though they can be managed in AWS, if you're not using an external IdP). Assuming that you refer to this guide, what you are using is Identity Center. Those are not IAM users, and you'll need the login URL configured in Identity Center to log in.
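A quick way to settle which kind of principal a set of credentials actually is, and therefore which sign-in URL applies, is to classify the ARN that `aws sts get-caller-identity` returns. This is an added example, not from the answers above or from AWS; the ARNs in it are constructed, and the `AWSReservedSSO_` role-name prefix is the one Identity Center gives its permission-set roles.

```shell
#!/usr/bin/env sh
# Classify an AWS principal ARN so you know whether you hold an IAM user,
# an Identity Center (federated) session, some other role session, or root.
classify_principal() {
  arn="$1"
  case "$arn" in
    arn:aws:iam::*:user/*)
      echo "iam-user" ;;            # native IAM user of one account
    arn:aws:sts::*:assumed-role/AWSReservedSSO_*/*)
      echo "identity-center" ;;     # Identity Center permission-set role session
    arn:aws:sts::*:assumed-role/*/*)
      echo "assumed-role" ;;        # cross-account, EC2, Lambda, etc. role session
    arn:aws:iam::*:root)
      echo "root" ;;                # account root: not meant for day-to-day use
    *)
      echo "unknown" ;;
  esac
}

# Account ID is the fifth colon-separated field of every ARN shown above.
account_id_of() {
  printf '%s' "$1" | cut -d: -f5
}

# Map the principal type to the console entry point that will actually work.
login_url_for() {
  arn="$1"
  case "$(classify_principal "$arn")" in
    iam-user)
      printf 'https://%s.signin.aws.amazon.com/console\n' "$(account_id_of "$arn")" ;;
    identity-center)
      echo "use the access portal URL shown in the Identity Center console, not the account sign-in URL" ;;
    root)
      echo "root sign-in page; create an IAM or Identity Center user for regular work" ;;
    *)
      echo "no console sign-in for this principal: it is a role session, not a user" ;;
  esac
}

# Live check against the credentials in your environment (needs the AWS CLI).
check_current_identity() {
  arn="$(aws sts get-caller-identity --query Arn --output text)" || return 1
  printf '%s -> %s\n' "$arn" "$(classify_principal "$arn")"
  login_url_for "$arn"
}

# Run `sh thisfile.sh --live` to inspect the identity you are currently using.
[ "${1:-}" = "--live" ] && check_current_identity
```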
Yes, this is correct. The Next Step guide pushes IAM Identity Center, and thus a new personal AWS developer makes no differentiation; there is later another option of IAM User/Roles. The detailed explanation above helps a lot more and clarifies the difference, and my confusion is not clarified :) Thank you.
Thank you for this detailed explanation.
It confirms my thought that the Getting Started steps are pushing you towards being an Organization with IAM Identity Center users, and thus when you then follow the next guides to log in as an IAM user it is confusing, as it is not an IAM user but an IAM Identity Center user (different identity/login).
This clarifies that I only need to create IAM users to progress through the AWS training, and now I understand that using an IAM user is a better fit for developing Terraform and executing as an IAM user with IAM roles assigned.
Thank you.