Supported Features

Note
Before you can use any item marked with an asterisk (*), SailPoint must activate the feature for your site.

The AWS source supports the following features:

  • Load AWS Accounts

  • *Provision AWS Accounts

  • *Access Certifications (certification of entitlements connected to AWS accounts)

  • *Password management

For more information on features, see IdentityNow Source Features.

Account Management

  • Manage IAM Users under the AWS Account as Accounts

  • Aggregate, Refresh Accounts

  • Create, Update, Enable, Disable

    Note
    For more information on enabling and disabling, see IAM User Status.

  • Change Password

  • Add/Remove Entitlements (Groups, AWS Managed Policies, Customer Managed Policies, Inline Policies)

IAM Entities

  • IAM Groups: Aggregate, Refresh

  • AWS Managed Policy Management: Aggregate, Refresh

  • Customer Managed Policies: Aggregate, Refresh

  • Inline Policies: Aggregate, Refresh

  • Role Management: Aggregate, Refresh

Tags Management

The AWS connector supports aggregation and refresh of the tags attribute for the following entities:

  • IAM User

  • IAM Role

  • Customer Managed Policy

  • Service Control Policy

  • Organization Unit

  • AWS Account

Organization Entities

The AWS Connector supports the following on Organization Entities (managed as group object only):

  • AWS Accounts Management: Aggregate, Refresh

  • Organization Unit Management: Aggregate, Refresh

  • Service Control Policy Management: Aggregate, Refresh

Permissions Management

The AWS Connector represents the JSON Permission Policy and Trust Policy documents as direct permissions.

The Permission Policy of each of the following AWS entities is represented as a Permission:

  • AWS Managed Policies

  • Customer Managed Policies

  • Inline Policies

  • Service Control Policies

The Trust Policy for the following AWS entity is represented as direct permission:

  • Roles

Note
*Role aggregation also aggregates the trust policies (the entities that can assume a role) as direct permissions.
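As an added illustration (not SailPoint's connector code), the following parser shows what "entities that can assume a role" means in practice: it reads a constructed IAM role trust policy and lists every principal granted an AssumeRole-style action by an Allow statement, normalizing the single-string, list, and wildcard Principal shapes and flagging conditional and wildcard grants for review.

```python
import json
from typing import Any

# Constructed sample trust policy (not from the page). It mixes the
# Principal shapes IAM allows: one ARN string, a list, a service
# principal, a federated principal with a Condition, and a Deny wildcard.
TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111111111111:root"}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": ["arn:aws:iam::111111111111:user/alice",
                               "arn:aws:iam::222222222222:role/ci"],
                       "Service": "ec2.amazonaws.com"}},
        {"Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
         "Principal": {"Federated": "accounts.google.com"},
         "Condition": {"StringEquals": {"accounts.google.com:aud": "app-id"}}},
        {"Effect": "Deny", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}},
    ],
})


def _as_list(value: Any) -> list:
    """IAM lets most fields be a single value or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def trusted_principals(policy_json: str) -> list[dict[str, Any]]:
    """Return one record per principal that an Allow statement lets assume the role."""
    doc = json.loads(policy_json)
    records = []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing, so they are not trust entries
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare "*" is shorthand for {"AWS": "*"}
            principal = {"AWS": "*"}
        actions = _as_list(stmt.get("Action", []))
        for ptype, ids in principal.items():  # ptype: AWS, Service, Federated, ...
            for pid in _as_list(ids):
                records.append({
                    "type": ptype,
                    "id": pid,
                    "actions": actions,
                    "conditional": "Condition" in stmt,  # grant narrowed by a Condition
                    "wildcard": pid == "*",               # anyone may assume: review
                })
    return records
```

Each returned record is one "entity that can assume the role"; a governance process would surface wildcard or unconditional cross-account entries first.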

Supported Features Comparison with Cloud Governance

For each feature listed below, the last two lines of the entry state whether it is supported by the AWS Connector with standard features and by the AWS Connector with Cloud Governance.

Account Management

  • Manage IAM Users under the AWS Account as Accounts

  • Aggregate, Refresh Accounts

  • Create, Update, Delete

  • Change Password

  • Enable and Disable

    Note
    For more information on enabling and disabling, refer to IAM User Status.

  • Aggregate IAM Users and their connected Entitlements (Groups, AWS Managed Policies, Customer Managed Policies, and Inline Policies)

  • Add/Remove Entitlements (Groups, AWS Managed Policies, Customer Managed Policies, and Inline Policies)

  AWS Connector (Standard Features): Yes

    Note
    Only IAM groups have user-friendly names, while all other Entitlements are displayed using ARN.

  AWS Connector (With Cloud Governance): Yes

    Note
    Every Entitlement is displayed using user-friendly names.

Group Management*

  • Manage IAM Groups

  • Aggregate, Refresh Group

  AWS Connector (Standard Features): Yes
  AWS Connector (With Cloud Governance): Yes

AWS Managed Policies

  • Manage as group object

  • Aggregate, Refresh

  AWS Connector (Standard Features): No
  AWS Connector (With Cloud Governance): Yes

Customer Managed Policies

  • Manage as group object

  • Aggregate, Refresh

  AWS Connector (Standard Features): No
  AWS Connector (With Cloud Governance): Yes

Inline Policies Management

  • Manage as group object

  • Aggregate, Refresh

  AWS Connector (Standard Features): No
  AWS Connector (With Cloud Governance): Yes

Organization Unit

  • Manage as group object

  • Aggregate, Refresh

  AWS Connector (Standard Features): No
  AWS Connector (With Cloud Governance): Yes

Service Control Policy

  • Manage as group object

  • Aggregate, Refresh

  AWS Connector (Standard Features): No
  AWS Connector (With Cloud Governance): Yes

AWS Accounts

  • Manage as group object

  • Aggregate, Refresh

  AWS Connector (Standard Features): No
  AWS Connector (With Cloud Governance): Yes

Tags Management (IAM User)

  • Aggregate and refresh of the tags attribute for IAM User

  AWS Connector (Standard Features): Yes
  AWS Connector (With Cloud Governance): Yes

Tags Management (other entities)

  Aggregate and refresh of the tags attribute for the following entities:

  • IAM Role

  • Customer Managed Policy

  • Service Control Policy

  • Organization Unit

  • AWS Account

  AWS Connector (Standard Features): No
  AWS Connector (With Cloud Governance): Yes

IAM Role Management

  • Manage as group object

  • Aggregate, Refresh

  • Provisioning*

  AWS Connector (Standard Features): No
  AWS Connector (With Cloud Governance): Yes