
I want to enable IAM Identity Center and configure an external IdP for an existing AWS account. This AWS account already has users, created with IAM.

What happens to these users?

I’m especially worried about users used by my application to, for example, access S3 buckets. They have no password but only an access key and secret. Will these users’ keys work after the configuration of the external IdP?

Thanks

2 Answers


  1. From "Does using the IAM Identity Center affect my IAM identities or federation configuration?":

    The IAM Identity Center is independent of identity federation
    configured using IAM. Using the IAM Identity Center doesn’t impact IAM
    identities or your federation configuration.

    Note, AWS IAM Identity Center makes it easy to centrally manage access to multiple AWS accounts and provide users with single sign-on access to all their assigned accounts from one place.

    If you have only one account, you don’t necessarily need to use AWS IAM Identity Center to configure an external IDP (you can, but it’s not mandatory); you can also configure an external IDP at the account level (in IAM > Identity providers).

  2. IAM (Identity and Access Management) and IAM Identity Center are completely separate services, so enabling AWS IAM Identity Center will not affect the users or roles in your account in any way. You can configure and use both IAM Identity Center access portal login and IAM console login simultaneously without any issues. Your users that use access keys will still be able to use their access keys.

    When you use IAM Identity Center to configure your external identity provider (IDP), Identity Center creates a new Identity Provider SSO in IAM. It looks something like "AWSSSO_XXXXXXXXXX_DONOTDELETE".

    https://docs.aws.amazon.com/singlesignon/latest/userguide/get-started-prereqs-considerations.html

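To check this on your own account, you can snapshot the key-only IAM users (no console password, at least one active access key) from the IAM credential report before and after enabling IAM Identity Center and compare the two. The following is an added example, not part of either answer: the function names are hypothetical, the sample rows are constructed, and only a subset of the report's columns is shown.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout (subset of columns).
# A real report comes from `aws iam generate-credential-report` followed by
# `aws iam get-credential-report` (the Content field is base64-encoded CSV).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,false,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false,false
app-s3-writer,arn:aws:iam::111122223333:user/app-s3-writer,false,false,true,false
batch-export,arn:aws:iam::111122223333:user/batch-export,false,false,true,true
old-service,arn:aws:iam::111122223333:user/old-service,false,false,false,false
"""


def key_only_users(report_csv):
    """Map each user with no console password to its list of active key slots."""
    result = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        # Skip console users ("true") and the root row ("not_supported").
        if row["password_enabled"] != "false":
            continue
        active = [
            f"access_key_{slot}"
            for slot in ("1", "2")
            if row[f"access_key_{slot}_active"] == "true"
        ]
        if active:  # users with no active key cannot authenticate at all
            result[row["user"]] = active
    return result


def diff_snapshots(before, after):
    """Return {user: (before_keys, after_keys)} for every user whose keys changed."""
    return {
        user: (before.get(user), after.get(user))
        for user in sorted(set(before) | set(after))
        if before.get(user) != after.get(user)
    }


if __name__ == "__main__":
    before = key_only_users(SAMPLE_REPORT)
    # In practice, `after` is built from a report generated once Identity Center is enabled.
    after = key_only_users(SAMPLE_REPORT)
    print("key-only users:", before)
    print("changed:", diff_snapshots(before, after))
```

An empty diff between the two snapshots is what the answers above lead you to expect; any entry in it points to a change made by something other than enabling Identity Center.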