If you're already using cloud services, you're likely familiar with the concept of IAM (Identity and Access Management). IAM allows us to set permissions to restrict which specific services and resources users can access, achieving the goal of delegated yet centralized management. Today, we will introduce AWS IAM Identity Center, an extension of IAM concepts, and showcase AWS's powerful IAM capabilities.

What is AWS IAM Identity Center?

AWS IAM Identity Center, formerly known as AWS Single Sign-On (AWS SSO), simplifies access management by allowing you to create or link users and set their permissions through a single portal. This means that after configuring user access, you only need a single sign-on to access all accounts and applications. This is particularly beneficial for companies that need to manage numerous workforce identities and customer accounts. AWS IAM Identity Center is a free service that lets you assign permissions across multiple accounts or specific applications, making it an ideal management tool.

Key Features of AWS IAM Identity Center

AWS IAM Identity Center offers four main features:

1. Workforce Identity Management

   • For employees who need access to internal company data or play a developer role, you can create users and groups in IAM Identity Center or link existing users and groups from your identity source to authorize access to all AWS accounts and applications.

2. Instance Management

   • IAM Identity Center supports the management of organization instances and account instances. Deploying organization instances in the management account of AWS Organizations allows you to manage user access across the entire AWS environment from a single point. Account instances, tied to specific AWS accounts, enable isolated deployment of AWS-hosted applications.

3. AWS Account Access Management

   • Multi-account permissions allow you to set resource access permissions across multiple AWS accounts simultaneously. This includes frequently used services and security settings, which can then be assigned to different employees for centralized access management.

4. Application Access Management

   • IAM Identity Center grants users single sign-on access to applications, such as AWS-hosted applications like Amazon Redshift, which integrates with IAM Identity Center for authentication and directory services. Customer-managed applications, such as SAML 2.0 apps like Microsoft 365, can also be used with IAM Identity Center. Additionally, trusted identity propagation enables users to access AWS service data across applications using tools and BI applications.

Conclusion

This brief introduction to AWS IAM Identity Center highlights its role in extending IAM capabilities for more efficient and centralized access management. For a deeper understanding, you can refer to the official documentation or try it out yourself.

References: 〈What is IAM Idnetity Center？〉
https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html