Hi Adit, IAM Identity Center is indeed a prerequisite for Amazon Q Developer Pro. However, migration of users from IAM is not mandatory, so all of them can keep their access as they do up to now.
If you are enabling only one user for testing purposes, it is recommended that you enable an IAM Identity Center (Account) Instance, instead of an Organization Instance. You can check the difference between these options here: https://docs.aws.amazon.com/singlesignon/latest/userguide/identity-center-instances.html
Migrating to IAM Identity Center is not strictly required for using Amazon Q Developer, but it is the recommended method for managing user access to Amazon Q Developer resources, especially for the Pro tier.
For Amazon Q Developer Pro subscriptions, IAM Identity Center is used to set up and manage user access. This allows for centralized management of users and their permissions across multiple AWS accounts or within a single account, depending on your needs.
If you're currently using IAM for AWS account access, you don't need to make immediate changes to your existing workflows. You can continue to use IAM for general AWS account access while setting up IAM Identity Center specifically for Amazon Q Developer Pro access.
IAM Identity Center offers several advantages for managing access to applications like Amazon Q Developer:
- It provides a more streamlined way to manage user identities and their access to AWS accounts and applications.
- It allows you to connect your existing identity provider and synchronize users and groups from your directory.
- You can create and manage users directly in IAM Identity Center if needed.
While IAM Identity Center is the recommended approach for Amazon Q Developer Pro, the exact requirements may depend on your specific use case and how you plan to implement Amazon Q Developer in your organization. If you have concerns about migrating or need to use standard IAM roles and policies for specific reasons, it would be best to consult with AWS support or your account representative to discuss your particular situation and explore possible alternatives or exceptions.
Remember that the goal is to ensure secure and efficient access management for your users, so following the recommended best practices with IAM Identity Center is generally advisable when setting up Amazon Q Developer Pro.
Sources
Using IAM Identity Center for user access to applications only - AWS IAM Identity Center
Setting up access to the Amazon Q Developer Pro tier - Amazon Q Developer
Configuring an IAM Identity Center instance for an Amazon Q Business application - Amazon Q Business
I tried the suggested approach and am getting the error below:
"Failed to create Amazon Q Developer Pro subscriptions for 1 users. An error occurred while trying to create subscriptions."
Please let me know how I should move forward.
I am assuming I cannot try to subscribe to Amazon Q Developer Pro on the management AWS account, because I tried with that. (I cannot find documentation on whether I can try or not, so I am not sure.)
Hi Frank, Thanks for the clarification earlier.
I attempted to set up Amazon Q Developer Pro using an IAM Identity Center (Organization) Instance but wasn’t able to get it working. Does using an IAM Identity Center (Account) Instance instead make a difference? Are there any limitations or benefits to choosing one over the other for this setup?
It makes all the difference, because an IAM Identity Center (Account) Instance limits permissions to that specific AWS Account, whereas an Organization Instance offers multi-account permissions. The complete list of differences is listed here: https://docs.aws.amazon.com/singlesignon/latest/userguide/identity-center-instances.html
I'm encountering a 400 Bad Request error when trying to enable Amazon Q Developer via the AWS Console during the authentication step. Amazon Q Developer works great with the IDE, but I don't know why I'm running into this with Console access.