Considerations for Amazon Web Services Management Console Private Access - Amazon IAM Identity Center
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Considerations for Amazon Web Services Management Console Private Access

If your organization uses the Amazon Web Services Management Console Private Access feature, you should consider how your users will sign in to IAM Identity Center.

A VPC endpoint policy restricts sign-in to the management console, which prevents your users from signing in to Amazon Web Services accounts they're not authorized to access. For more information, see Amazon Web Services Management Console Private Access in the Amazon Web Services Management Console Getting Started Guide.
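As an added illustration (not taken from this page or from the Amazon documentation) of the restriction described above, the following VPC endpoint policy for the console sign-in endpoint allows access only to principals that belong to one organization; the organization ID is a constructed placeholder, and the condition key aws:PrincipalOrgID is the standard global condition key. Without the Condition block, the same statement would admit any principal that can reach the endpoint.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowConsoleSignInOnlyFromMyOrganization",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalOrgID": "o-EXAMPLEORGID"
        }
      }
    }
  ]
}
```

Because this policy is evaluated at the endpoint, a user who reaches the console through it with credentials from an account outside the organization is denied before any account-level permissions apply.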

VPC endpoints block sign-in to IAM Identity Center

It's important to note that using VPC endpoints blocks sign-in to IAM Identity Center. This happens when a user is already signed in to the management console through the VPC endpoint. To ensure that your users can continue to sign in to IAM Identity Center, they must use the public endpoint for Amazon sign-in rather than the VPC endpoint.