Supported Features
Note
Before you can use any item marked with an asterisk (*), SailPoint must activate the feature for your site.
The AWS source supports the following features:
-
Load AWS Accounts
-
-
-
For more information on features, refer to Identity Security Cloud Source Features.
Account Management
-
Manage IAM Users under the AWS Account as Accounts
-
Aggregate, Refresh Accounts
-
Note
For more information on enabling and disabling, see IAM User Status. -
Change Password
-
Add/Remove Entitlements (Groups, AWS Managed Policies, Customer Managed Policies, Inline Policies)
IAM Entities
-
IAM Groups:
-
AWS Managed Policy Management: Aggregate, Refresh
-
-
-
Role Management:
Tags Management
The AWS connector supports the aggregation and refresh of tags attribute for the following entities:
-
IAM User
-
IAM Role
-
Customer Managed Policy
-
Service Control Policy
-
Organization Unit
-
AWS Account
Organization Entities
The AWS Connector supports the following on Organization Entities (managed as group object only):
-
AWS Accounts Management: Aggregate, Refresh
-
Organization Unit Management: Aggregate, Refresh
-
Service Control Policy Management: Aggregate, Refresh
Permissions Management
AWS Connector supports JSON Policy for Permission Policy and Trust Policy as direct permission.
The Permission Policy for the following AWS entities are represented as Permissions:
-
AWS Managed Policies
-
Customer Managed Policies
-
Inline Policies
-
Service Control Policies
The Trust Policy for the following AWS entity is represented as direct permission:
-
Roles
Note
*Role aggregation takes care of aggregating the trust polices (entities that can assume a role) as direct permission.
Supported Features Comparison with Cloud Governance
Important
If you want to enable additional cloud governance features (for example, visualization of effective access) for your AWS Cloud Infrastructure, you must have a Sailpoint CIEM license. If you already have a Cloud Access Management license, no additional license purchase is required. Contact your SailPoint Customer Success Manager to request access and for more information.
|
Supported Features |
AWS Connector (Standard Features) |
AWS Connector (With Cloud Governance) |
|---|---|---|
|
Account Management
Note
|
Yes Note
Only IAM groups have user-friendly names, while all other Entitlements are displayed using ARN. |
Yes Note
Every Entitlement is displayed using user-friendly names. |
|
Group Management*
|
Yes |
Yes |
|
AWS Managed Policies
|
No |
Yes |
|
Customer Managed Policies
|
No |
Yes |
|
Inline Policies Management
|
No |
Yes |
|
Organization Unit
|
No |
Yes |
|
Service Control Policy
|
No |
Yes |
|
AWS Accounts
|
No |
Yes |
|
Tags Management
|
Yes |
Yes |
|
Tags Management Aggregate and refresh of tags attribute for the following entities:
|
No |
Yes |
|
IAM Role Management
|
No |
Yes |