Hello Donald,
To answer your first question, the difference between IAM and IAM Identity Center is that they are two different services. IAM is, first and foremost, a simpler service to use than Identity Center.
However, according to best security practices, we should use the Identity Center. Using IC, we can have SSO, which will also enforce the best practice of least privilege and temporary access tokens using the STS service, which is going to be (talking from experience) a way easier way to set up an architecture with many roles and many users.
In addition, we are going to have a centralized place to manage permissions; we can integrate Identity Center with existing user directories like Active Directory using SAML 2.0. This allows you to manage users externally and federate access to AWS accounts.
To answer your second question, you do not see this tab because you are using a standalone AWS account instance of IAM Identity Center rather than an AWS Organizations managed account instance. Some advanced features, like multi-account permissions, are not available in the standalone account version.
To use multi-account permissions, you need to set up the IAM Identity Center using an AWS Organizations-managed account instance. This allows you to centrally manage access for multiple AWS accounts from a single Identity Center administration portal.
Here is a link to implement this feature
https://www.youtube.com/watch?v=_KhrGFV_Npw&ab_channel=TinyTechnicalTutorials
Q1: Difference between IAM Identity Center > Dashboard and IAM > Dashboard:
AWS Identity and Access Management (IAM) and IAM Identity Center (formerly known as AWS Single Sign-On or AWS SSO) serve different but complementary roles within AWS's security services.
- IAM > Dashboard: This is the main dashboard for AWS Identity and Access Management (IAM). IAM is used to manage access to AWS services and resources securely. Here, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. It does not natively support identity federation with external directories or SSO across multiple AWS accounts.
- IAM Identity Center > Dashboard: IAM Identity Center, on the other hand, is used to manage access to multiple AWS accounts and applications centrally. It provides single sign-on capabilities to make it easier for users to access all their assigned accounts and applications from one place. It supports identity federation and helps in managing permissions for users across multiple AWS accounts.
Q2: Where to find "Multi-account permissions, choose Permission sets":
Useful Resource:
Thank you Julian for your quick reply and insights! I will review the YouTube link to implement, setup IAM Identity Center as an AWS Organization. Best Regards, Donald
Hi Osvaldo! Thank you for your quick reply! My account does not have the menu options for "Multi-account permissions" because it is a stand-alone account (thanks Julian for that info). So is there another way for me to complete step 2, "Set up access permissions", in order to export CloudWatch log group logs to S3? i.e. Step 1: Create an Amazon S3 bucket; Step 2: Set up access permissions.
Best Regards, Donald
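The "Set up access permissions" step Donald asks about does not depend on IAM Identity Center: a CloudWatch Logs export task needs a bucket policy that lets the CloudWatch Logs service principal write into the bucket, plus an identity policy on whatever IAM user or role creates the task. The following is an added example, not code from any of the posts above or from AWS; the bucket name, region and account ID are constructed placeholders. It builds both policies scoped to one account and region, and includes a small audit function that flags the loosened variants (wildcard principals, missing `aws:SourceAccount` condition, wildcard actions) that turn a log-export bucket into a confused-deputy target.

```python
import json

# Constructed placeholders; replace with the real bucket, region and account ID.
BUCKET = "example-cloudwatch-exports"
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"


def build_export_bucket_policy(bucket, region, account_id):
    """Bucket policy allowing CloudWatch Logs in one account/region to run export tasks into `bucket`."""
    service = f"logs.{region}.amazonaws.com"
    source_arn = f"arn:aws:logs:{region}:{account_id}:log-group:*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowLogsGetBucketAcl",
                "Effect": "Allow",
                "Principal": {"Service": service},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
                # Scope the grant to our own log groups so another account's
                # export task cannot make the service write into this bucket.
                "Condition": {
                    "StringEquals": {"aws:SourceAccount": [account_id]},
                    "ArnLike": {"aws:SourceArn": [source_arn]},
                },
            },
            {
                "Sid": "AllowLogsPutObject",
                "Effect": "Allow",
                "Principal": {"Service": service},
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {
                    "StringEquals": {
                        # Exported objects must be owned by the bucket owner.
                        "s3:x-amz-acl": "bucket-owner-full-control",
                        "aws:SourceAccount": [account_id],
                    },
                    "ArnLike": {"aws:SourceArn": [source_arn]},
                },
            },
        ],
    }


def build_export_user_policy(bucket, region, account_id):
    """Identity policy for the IAM user/role that creates the export task (no Identity Center needed)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ManageExportTasks",
                "Effect": "Allow",
                "Action": [
                    "logs:CreateExportTask",
                    "logs:CancelExportTask",
                    "logs:DescribeExportTasks",
                    "logs:DescribeLogStreams",
                    "logs:DescribeLogGroups",
                ],
                "Resource": f"arn:aws:logs:{region}:{account_id}:log-group:*",
            },
            {
                "Sid": "WriteExportBucket",
                "Effect": "Allow",
                "Action": ["s3:GetBucketAcl", "s3:PutObject"],
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            },
        ],
    }


def audit_export_bucket_policy(policy):
    """Return a list of findings; an empty list means every Allow statement is scoped as the export needs."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"{sid}: wildcard principal grants access to any AWS account")
        actions = stmt.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        if any(a in ("*", "s3:*") for a in actions):
            findings.append(f"{sid}: wildcard action; export only needs s3:GetBucketAcl and s3:PutObject")
        cond = stmt.get("Condition", {})
        if "aws:SourceAccount" not in cond.get("StringEquals", {}):
            findings.append(f"{sid}: missing aws:SourceAccount condition (confused-deputy risk)")
        if "aws:SourceArn" not in cond.get("ArnLike", {}):
            findings.append(f"{sid}: missing aws:SourceArn condition; any log group in the account may export here")
    return findings


if __name__ == "__main__":
    policy = build_export_bucket_policy(BUCKET, REGION, ACCOUNT_ID)
    print(json.dumps(policy, indent=2))
    print("findings:", audit_export_bucket_policy(policy))
```

Attach the first document as the bucket policy in S3 and the second to the IAM user or role that runs `CreateExportTask`; with a single account there is nothing to federate, so plain IAM covers the whole step. The audit function is worth running against any hand-edited bucket policy before it goes live, because the most common way to "make the export work" is to drop the conditions, which is exactly what should not happen.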