AWS IAM Identity Center
Jump to navigation
Jump to search
An AWS IAM Identity Center is an Identity and Access Management (IAM) service offered by Amazon Web Services (AWS).
- Context:
- It can provide secure permission-based access controls for workforce identities across multiple AWS accounts and applications.
- It can be used to create or connect workforce user accounts and manage their access rights.
- It can allows for Attribute-Based Access Control (ABAC) to provide fine-grained permissions to workforce based on certain attributes defined in the IAM Identity Center identity store.
- It can enables Single Sign-On (SSO) across all AWS accounts, applications, and SAML 2.0 applications, further simplifying user access and experience.
- It can serves as a tool that helps organizations meet security and compliance requirements, providing Multi-Factor Authentication (MFA), risk-based authentication, and audit logging capabilities.
- …
- Example(s):
- Counter-Example(s):
- Direct user access configuration on individual AWS resources, bypassing IAM Identity Center.
- Using a non-Amazon IAM tool for access control in an AWS environment.
- See: Identity and Access Management, Attribute-Based Access Control, Single Sign-On, AWS SSO Group.
References
2023
- GBard
- AWS IAM Identity Center is a centralized identity and access management (IAM) service that helps you securely create or connect your workforce identities and manage their access across all your AWS accounts and applications. IAM Identity Center is the recommended approach for workforce authentication and authorization on AWS for organizations of any size and type.
- Here are some of the key benefits of using AWS IAM Identity Center:
- Centralized identity management: IAM Identity Center provides a single place to create or connect workforce users and groups, and to manage their access to all AWS accounts and applications. This simplifies and centralizes your access administration, and makes it easier to enforce security and compliance policies.
- Attribute-based access control (ABAC): IAM Identity Center allows you to create and use fine-grained permissions for your workforce based on user attributes defined in your IAM Identity Center identity store. This simplifies and centralizes your access administration, and allows you to grant or revoke access based on user attributes, such as cost center, title, or locale.
- Single sign-on (SSO): IAM Identity Center provides SSO access to all AWS accounts and applications, as well as to SAML 2.0 applications. This simplifies the user experience and makes it easier for your workforce to access the resources they need.
- Security and compliance: IAM Identity Center is designed to help you meet your security and compliance requirements. It provides support for multi-factor authentication (MFA), risk-based authentication, and audit logging.