Reputation: 1630
What is the difference between users presented in Identity and Access Managenment (IAM) and IAM identity center?
Once I added a user to my AWS account, and it is present on the "Identity and Access Management (IAM)" page now. But it is absent on "IAM Identity Center" page. Why?
Isn't "IAM Identity Center" just another way of managing the same users?
I expect to see the same users in both "IAM Identity Center" and "IAM Identity Center".
Upvotes: 8
Views: 1939
Answers (4)
Reputation: 1
I've got the same question as you did, and found some interesting topics to share.
On this topic an AWS expert says, among other things:
IAM Identity Center enables you to manage workforce user access to multiple AWS accounts and cloud applications where as IAM user is the user, which is native to this account and would be able to access the account in which it was created.
Then, on this second topic another AWS expert pointed out that IAM Identity Center users can:
- User can reset the password by himself in case of missing a password.
- Administrator can enforce user to setup MFA on first sign in.
- User accesses target AWS account by assuming role (more secure)
- etc...
Basically, from what I could understand, IAM should be used when creating a backup access to your root account, or for your own personal use. While AWS Identity Center creates more independent users, with their own login credentials, that you could possible share with other coworkers alike.
Upvotes: 0
Reputation: 843
As i understand IAM Identity center is something which sits outside of your accounts and you can create users there and also from separate idp.
In Identity center you can provide access to users across multiple accounts. Moreover identity center users have different login url known as access portal url rather than the normal aws console login url
But an IAM user is created in a particular account and have access keys. Yes, the same user can have console-signin as well (if enabled) but only on the particular account it was created in, unlike Identity center user who can have console access to multiple accounts(obviously if configured)
Generally a human user who needs portal access is preferably created in IAM Identity Center while a user who needs to programmatically access aws resources is preferably created as IAM user
Upvotes: 0
Reputation: 21
The IAM Identity Center is designed for adding or inviting other AWS accounts to your organization account. It can also be used to create federated users or single sign on users. AWS recommends it when giving a user console access. On the other hand. Identity and Access Management Center is designed for creation of users so as to enable access to AWS resources. It is the best place to create IAM users for Access and Secret key generation
Upvotes: 2
Reputation: 1596
An IAM user and an IAM Identity Center user are two distinct identities.
Upvotes: 2
Related Questions
- ldconfig -p(not ldconfig) equivalent command in Mac
- MacOSX: which dynamic libraries linked by binary?
- dyld: Library not loaded despite correct rpath
- How to delete Dyld's Shared Cache on High Sierra?
- Simple Shared Library MacOS
- GNU Linker equivalent command in OS X
- Linking with .dylib library from the command line using clang
- ldconfig equivalent in Mac OS X?
- ld command on OSX
- Equivalent of DYLD_PRINT_LIBRARIES on linux?