Amazon managed applications that you can use with IAM Identity Center
Note
Customer managed KMS keys for Amazon IAM Identity Center are currently available in select Amazon Regions.
IAM Identity Center lets you connect your existing identity source or create users once. This enables application administrators to manage access to the following Amazon managed applications without separate federation or user and group synchronization.
All of the Amazon managed applications in the following table integrate with organization instances of IAM Identity Center. The table also provides information about the following for a supported Amazon managed application:
Whether the application also integrates with account instances of IAM Identity Center
Whether the application can enable trusted identity propagation through IAM Identity Center
Whether the application supports IAM Identity Center configured with a customer managed KMS key
| Amazon managed application | Integrated with account instances of IAM Identity Center | Enables trusted identity propagation through IAM Identity Center | Supports IAM Identity Center configured with a customer managed KMS key |
|---|---|---|---|
| Amazon AppStream 2.0 | No | No | No |
| Amazon Athena SQL | Yes | Yes | Yes |
| Amazon CodeCatalyst | Yes | No | No |
| Amazon Connect | No | No | No |
| Amazon DataZone | Yes | Yes | No |
| Amazon EMR on Amazon EC2 | Yes | Yes | No |
| Amazon EMR Studio | Yes | Yes | Yes |
| Amazon Kendra | No | No | No |
| Amazon Managed Grafana | No | No | No |
| Amazon Monitron | No | No | No |
| Amazon OpenSearch Service | Yes | Yes | No |
| Amazon OpenSearch Service Serverless Service | Yes | Yes | Yes |
| OpenSearch user interface (Dashboards) | Yes | Yes | Yes |
| Amazon Q Business | Yes | Yes | Yes |
| Amazon Q Developer | Yes* | No | No |
| Amazon QuickSight | Yes | Yes | Yes |
| Amazon Redshift | Yes | Yes | No |
| Amazon S3 Access Grants | Yes | Yes | No |
| Amazon SageMaker Unified Studio | Yes | Yes | Yes |
| Amazon SageMaker Studio | No | Yes | No |
| Amazon WorkMail | Yes | Yes | No |
| Amazon WorkSpaces | Yes | No | No |
| Amazon WorkSpaces Secure Browser | No | No | Yes |
| Amazon App Studio | Yes | No | No |
| Amazon Client VPN | No | No | No |
| Amazon CLI | No | No | No |
| Amazon Deadline Cloud | Yes | No | No |
| Amazon Glue | Yes | Yes | |
| Amazon IoT Events | No | No | No |
| Amazon IoT Fleet Hub | No | No | No |
| Amazon IoT SiteWise | No | No | No |
| Amazon Lake Formation | Yes | Yes | No |
| Amazon re:Post Private | Yes | No | No |
| Amazon Supply Chain | Yes | No | No |
| Amazon Systems Manager | No | No | Yes |
| Amazon Transfer Family web apps | Yes | Yes | No |
| Amazon Transform | Yes | No | Yes |
| Amazon Verified Access | No | No | Yes |
| Multi-party approval | No | Yes | Yes |
* For Amazon Q Developer, account instances of IAM Identity Center are supported unless your users require access to the full set of Amazon Q Developer features on Amazon websites. For more information, see Setting up Amazon Q Developer in the Amazon Q Developer User Guide.