
IAM Identity Center prerequisites and considerations

You can use IAM Identity Center for access to Amazon managed applications only, Amazon Web Services accounts only, or both. If you are using IAM federation to manage access to Amazon Web Services accounts, you can continue to do so while using IAM Identity Center for application access.

Before enabling IAM Identity Center, consider the following:

  • Amazon Region

    You can enable IAM Identity Center in a single, supported Region for each instance of IAM Identity Center. If you want to use IAM Identity Center for single sign-on access to Amazon accounts, the Region must be accessible by all of the users in your organization. If you plan to use IAM Identity Center for application access, be aware that some Amazon managed applications, such as Amazon SageMaker AI, can operate only in the Regions they support. Make sure that you enable IAM Identity Center in a Region supported by the Amazon managed application(s) you want to use with it. Additionally, many Amazon managed applications can operate only in the same Region where you enabled IAM Identity Center. For these reasons, make sure to choose the appropriate Region when enabling IAM Identity Center. For more information, see Considerations for choosing an Amazon Web Services Region.

  • Application access only

    You can use IAM Identity Center only for user access to applications such as Amazon Q Developer, using your existing identity provider. For more information, see Using IAM Identity Center for user access to applications only.

    Note

    Access to application resources is managed independently by the application owner.

  • Quota for IAM roles

    IAM Identity Center creates IAM roles to give users permissions to account resources. For more information, see IAM roles created by IAM Identity Center.

  • IAM Identity Center and Amazon Organizations

    Amazon Organizations is recommended, but not required, for use with IAM Identity Center. If you haven't set up an organization, you don't have to. If you've already set up Amazon Organizations and are going to add IAM Identity Center to your organization, make sure that all Amazon Organizations features are enabled. For more information, see IAM Identity Center and Amazon Organizations.