You can still access your AWS account in Identity Center and still use other regions.
The advantage of the "IAM Identity Center" is that unlike IAM users, there is no need to create users for each AWS account.
The management account will be able to manage everything.
This is a great benefit for customers who have multiple AWS accounts.
The "IAM Identity Center" can also issue access keys that expire in a few hours, making them more secure than permanent access keys for IAM users.
https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
One thing to note (although this wasn’t your concern) is that IdC does have a dependency on one region. Meaning that there’s a small chance that if that region has an event that makes it inaccessible, IdC won’t work at all - and all users won’t be able to log in. Although a whole region being inaccessible is unlikely, it’s possible - and AWS recommends having a “break glass” ability to log in with IAM just in case.
Regarding "You can still access your AWS account in Identity Center and still use other regions" I need some clarity. Do you mean that if I create the Identity Center in US East, then a user signing in through the Identity Center (and not as an IAM user) can create resources in Asia Pacific?
Yes, that is correct.
Even if you set up an "IAM Identity Center" in US East, you can create resources in other regions.
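The separation discussed in this thread, shown as an AWS CLI v2 configuration (an added example, not part of the original answers). It assumes the Identity Center instance is in `us-east-1` and the Asia Pacific workloads are in `ap-southeast-1`; the session name, start URL, account ID and role name are placeholders.

```ini
# ~/.aws/config (constructed example; all names and IDs below are placeholders)

# The Identity Center instance lives in one region. sso_region must name that
# region, because it is where the CLI sends its sign-in and token requests.
[sso-session example-org]
sso_start_url = https://EXAMPLE.awsapps.com/start
sso_region = us-east-1
sso_registration_scopes = sso:account:access

# Profile for resources in US East.
[profile dev-us-east]
sso_session = example-org
sso_account_id = 111122223333
sso_role_name = ExamplePermissionSet
region = us-east-1

# Profile for resources in Asia Pacific. It reuses the same sign-in session;
# only "region" (where API calls for resources are sent) is different.
[profile dev-apac]
sso_session = example-org
sso_account_id = 111122223333
sso_role_name = ExamplePermissionSet
region = ap-southeast-1

# Sign in once against the Identity Center region:
#   aws sso login --sso-session example-org
# Then pick the workload region by profile:
#   aws ec2 describe-instances --profile dev-apac
# The credentials the CLI obtains this way are temporary, unlike IAM user
# access keys stored in ~/.aws/credentials.
```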