Amazon managed applications that you can use with IAM Identity Center
IAM Identity Center lets you connect your existing identity source or create users once. This enables application administrators to manage access to the following Amazon managed applications without separate federation or user and group synchronization.
All of the Amazon managed applications in the following table integrate with organization instances of IAM Identity Center. The table also provides information about the following for a supported Amazon managed application:
Whether the application also integrates with account instances of IAM Identity Center
Whether the application can enable trusted identity propagation through IAM Identity Center
Whether the application supports IAM Identity Center configured with a customer managed KMS key
Whether the application supports deployment in additional Regions of IAM Identity Center
| Amazon managed application | Integrated with account instances of IAM Identity Center | Enables trusted identity propagation through IAM Identity Center | Supports IAM Identity Center configured with a customer managed KMS key | Supports deployment in additional Regions of IAM Identity Center |
|---|---|---|---|---|
| Amazon Athena SQL | Yes | Yes | Yes | No |
| Amazon CodeCatalyst | Yes | No | No | No |
| Amazon DataZone | Yes | Yes | Yes | No |
| Amazon EMR on EC2 | Yes | Yes | Yes | No |
| Amazon EMR on EKS | Yes | Yes | Yes | No |
| Amazon EMR Serverless | Yes | Yes | Yes | No |
| Amazon EMR Studio | Yes | Yes | Yes | No |
| Amazon Kendra | No | No | Yes | No |
| Amazon Managed Grafana | No | No | Yes | No |
| Amazon Monitron | No | No | No | No |
| Amazon OpenSearch Service | Yes | Yes | Yes | No |
| Amazon OpenSearch Service Serverless Service | Yes | Yes | Yes | No |
| OpenSearch user interface (Dashboards) | Yes | Yes | Yes | No |
| Amazon Q Business | Yes | Yes | Yes | No |
| Kiro | Yes(1) | Yes | Yes | No |
| Amazon Quick Suite | Yes | Yes | Yes | No |
| Amazon Redshift | Yes(2) | Yes | Yes | No |
| Amazon S3 Access Grants | Yes | Yes | Yes | Yes |
| Amazon SageMaker Unified Studio | Yes | Yes | Yes | No |
| Amazon SageMaker Studio | No | Yes | Yes | No |
| Amazon WorkMail | Yes | Yes | Yes | No |
| Amazon WorkSpaces | Yes | No | Yes | No |
| Amazon WorkSpaces Secure Browser | No | No | Yes | No |
| Amazon App Studio | Yes | No | No | No |
| Amazon Deadline Cloud | Yes | No | Yes | Yes |
| Amazon Glue | Yes | Yes | Yes | No |
| Amazon IoT Events | No | No | No | No |
| Amazon IoT SiteWise | No | No | No | No |
| Amazon Lake Formation | Yes | Yes | Yes | No |
| Amazon re:Post Private | Yes | No | Yes | No |
| Amazon Supply Chain | Yes | No | Yes | No |
| Amazon Systems Manager | No | No | Yes | Yes - Fleet Manager |
| Amazon Transfer Family web apps | Yes | Yes | Yes | No |
| Amazon Transform | Yes | No | Yes | No |
| Amazon Verified Access | No | No | Yes | No |
| Multi-party approval | No | Yes | Yes | No |
(1) For Kiro, account instances of IAM Identity Center are supported unless your users require access to the full set of Kiro features on Amazon websites. For more information, see Setting up Kiro in the Kiro User Guide.
(2) For Amazon Redshift, account instances of IAM Identity Center are supported except for applications like Query Editor v2 that require permission sets, which are not supported by account instances.
Note
Some Amazon services such as Amazon Connect and Amazon Client VPN are not listed in this table although you can use them with IAM Identity Center. This is because they integrate with IAM Identity Center exclusively using SAML and are therefore categorized as customer managed applications.