Cannot open IAM Identity Center / Region issue

2

I was following tutorials with links during setup. I enabled IAM Identity Center, created a few users, and onboarded them with MFA.

Now when I go to AWS console and try to navigate to IAM Identity Center, I get to the Getting Started page with Identity disabled. When I click the enable button, response is "An error occurred You have already registered another region".

Only then I realised Identity works only on a specific region, but since I used tutorial links I don't know the region in which it's created.

I want to disable it and start all over, but cannot disable.

Side note: I also used plain IAM, and can still use it. When I navigate to IAM I end up in us-east-1 (https://us-east-1.console.aws.amazon.com/iam/home?region=eu-north-1#/home) even though my AWS Console is in eu-north-1. Is this okay? I can use CLI using IAM Secrets, so looks fine, but I don't want to run into issues in the future.

5 Answers
0

Hello.

You can identify this by opening the IAM Identity Center console for each region.

Side note: I also used plain IAM, and can still use it. When I navigate to IAM I end up in us-east-1 (https://us-east-1.console.aws.amazon.com/iam/home?region=eu-north-1#/home) even though my AWS Console is in eu-north-1. Is this okay?

Yes, this is normal.

Expert
Answered 5 months ago
  • Alternatively, you can run the shell script below to find out which region it is set in.

    #!/bin/bash
    
    regions=$(aws ec2 describe-regions --query "Regions[*].RegionName" --output text)
    
    for region in $regions; do
            echo "Executing in region: $region"
            aws sso-admin list-instances --region "$region"
            echo "----------------------------------------"
    done
    

    If you are in a region where IAM Identity Center is configured, you can see the following response.

    {
        "Instances": [
            {
                "CreatedDate": "2022-04-16T12:59:49.118000+00:00",
                "IdentityStoreId": "d-xxxxxxxx",
                "InstanceArn": "arn:aws:sso:::instance/ssoins-7xxxxxxxxxxx",
                "OwnerAccountId": "111111111111",
                "Status": "ACTIVE"
            }
        ]
    }
    
  • Hi Riku, Using your script, eu-north-1 was where Identity was active. However, if I open https://eu-north-1.console.aws.amazon.com/singlesignon/home?region=eu-north-1 it still shows the "enable" button and when I click enable it gives the same error.

  • I tried to remove the eu-north-1 instance with CLI using root credentials aws sso-admin delete-instance --instance-arn arn:aws:sso:::instance/ssoins-6508492cb9c98300 but was not allowed:

    An error occurred (AccessDeniedException) when calling the DeleteInstance operation: User: arn:aws:iam::058264075590:root is not authorized to perform: sso:DeleteInstance on resource: arn:aws:sso:::instance/ssoins-6508492cb9c98300 because no resource-based policy allows the sso:DeleteInstance action
    
  • Is the AWS account you are trying to enable IAM Identity Center for an Organizations managed account?

  • Is there a way to delete Identity Center using AWS CLI?

0

They have a bug. After you create an organization, it will disable your previously configured IAM Identity Center, and you will not be able to enable it again; it will show the mentioned error.

Answered 4 months ago
  • Thanks! It seems my case is this. So is there any way to work around it?

0

Thanks for the discussion. I am facing the exact same problem. I am new to learning AWS.

  1. This is my personal account (free account).
  2. Created a user and a group in my IAM Identity Center a couple of days back.
  3. Since yesterday I am not able to navigate to my Identity Center. Same message.
  4. Checked in all the regions (one by one) but I am pretty sure I opened it on us-east-1. (checked my browser history) - same error message while clicking on Enable
  5. This is not an organisation managed acct (though I was planning to create one today)

Of course I can use IAM to create users and groups, but I was checking whether there is a solution to my problem or not. Thanks, jaideep

Answered 5 months ago
0

I have the exact same problem, and despite going through every single region to test to see which one my IAM Identity Center is under, I am unable to locate it.

Answered 5 months ago
0

I faced the same problem when I created IAM for a personal account, but had created an organization after that.

Removing the organization resolved the issue.

Answered 5 months ago
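
The region scan from the first answer, combined with the Organizations check that the later answers point to, as an added example that is not part of the original thread. The function names are hypothetical, and it assumes the AWS CLI is configured with credentials that may run these read-only calls.

```bash
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.

# Print "region<TAB>instance-arn<TAB>owner-account<TAB>status" for each
# region that reports an IAM Identity Center instance.
find_identity_center_instances() {
    local regions region rows
    regions=$(aws ec2 describe-regions \
        --query "Regions[*].RegionName" --output text) || return 1
    for region in $regions; do
        # A failed call (service unavailable, access denied) skips the region.
        rows=$(aws sso-admin list-instances --region "$region" \
            --query "Instances[*].[InstanceArn,OwnerAccountId,Status]" \
            --output text 2>/dev/null) || continue
        [ -n "$rows" ] || continue
        printf '%s\n' "$rows" | while IFS= read -r row; do
            printf '%s\t%s\n' "$region" "$row"
        done
    done
}

# Print how the calling account relates to AWS Organizations:
# standalone, management or member.
organization_role() {
    local me mgmt
    me=$(aws sts get-caller-identity --query Account --output text) || return 1
    # Assumption: any failure of describe-organization is read as "not in
    # an organization"; an access-denied error would look the same here.
    mgmt=$(aws organizations describe-organization \
        --query "Organization.MasterAccountId" --output text 2>/dev/null) ||
        { echo standalone; return 0; }
    if [ "$mgmt" = "$me" ]; then echo management; else echo member; fi
}

# Combine both checks into one readable report.
identity_center_report() {
    local role region arn owner status
    role=$(organization_role) || return 1
    echo "Organizations role of this account: $role"
    find_identity_center_instances |
        while read -r region arn owner status; do
            echo "$region: $arn (owner $owner, $status)"
        done
}

# Run the report only when called as: ./script.sh report
if [ "${1:-}" = "report" ]; then identity_center_report; fi
```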
