Configuration Parameters
Note
Parameters with * are mandatory parameters.
The configuration parameters of AWS are as follows:
Authentication Method
Select the method that would be used to securely connect to AWS:
Applicable if Authentication Method is selected as IAM User

Enter the Access Key ID of the Service IAM User.

Enter the Secret Access Key of the Service IAM User.

Enter the role name that is created in all the AWS Accounts that are to be aggregated.
If the Amazon Resource Name (ARN) of the role contains a path, then the role must be created with the same path and name in all the AWS accounts. The input value must be provided as follows:
<entire Role Path>/<Role Name>.

When checked, IAM entities from all the AWS accounts are managed.

Lists all the AWS Account IDs, separated by a comma, that are to be excluded.

Lists all the AWS Account IDs, separated by a comma, that are to be included.

Enter the Region as per your AWS instance. For example, "us-east-1" for AWS commercial cloud and "us-gov-west-1" for AWS GovCloud (US).

The maximum size of each data set when querying over a large number of objects for IAM entities. Default: 10
Applicable if Authentication Method is selected as IAM Role

Enter the role name that is created in all the AWS Accounts that are to be aggregated.
If the Amazon Resource Name (ARN) of the role contains a path, then the role must be created with the same path and name in all the AWS accounts. The input value must be provided as follows:
<entire Role Path>/<Role Name>.

Enter the External ID that is used in an IAM role trust policy to designate who can assume the role.
Note
This is mandatory if the external ID condition is provided to the IAM Role trust policy. This condition defines how and when trusted entities can assume the role.

Enter the Management Account ID of the AWS organization.
Note
Applicable if the Manage All Accounts checkbox is selected or Organization entities are present in the application schema.

When checked, IAM entities from all the AWS accounts are managed.

Lists all the AWS Account IDs, separated by a comma, that are to be excluded.

Lists all the AWS Account IDs, separated by a comma, that are to be included.

Enter the Region as per your AWS instance. For example, "us-east-1" for AWS commercial cloud and "us-gov-west-1" for AWS GovCloud (US).

The maximum size of each data set when querying over a large number of objects for IAM entities. Default: 10
Additional Configuration Parameters
Following are the additional configuration parameters that can be set in the application debug page:

Default value: 3600
The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.
Set the value of the assumeRoleDurationInSeconds parameter as follows:
<entry key="assumeRoleDurationInSeconds" value="3600"/>

Default value: SailPointUser
An identifier for the assumed role session. Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the AWS account that owns the role.
Set the value of the assumeRoleSessionName parameter as follows:
<entry key="assumeRoleSessionName" value="SailPointUser"/>
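A pre-deployment check for the IAM Role settings above, as an added example that is not part of the connector or its documentation: it reads a role trust policy and reports whether the configured External ID and assumeRoleDurationInSeconds are consistent with it. The policy document, account ID, external ID and function names are constructed for illustration; max_session_duration stands for the role's own maximum session duration setting and is supplied by the caller.

```python
import json

# Constructed trust policy for the cross-account role; the account ID and
# external ID are placeholders, not values from any real deployment.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}
  }]
}""")

def as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def required_external_ids(policy):
    """One set per Allow statement granting sts:AssumeRole; empty set = no ExternalId condition."""
    result = []
    for stmt in as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        ids = set()
        for operator, keys in stmt.get("Condition", {}).items():
            if operator.lower() == "stringequals":  # operator names are case-insensitive
                for key, val in keys.items():
                    if key.lower() == "sts:externalid":
                        ids.update(as_list(val))
        result.append(ids)
    return result

def check_settings(policy, external_id, duration, max_session_duration=3600):
    """Return findings for the connector's External ID and assumeRoleDurationInSeconds."""
    findings = []
    for ids in required_external_ids(policy):
        if not ids:
            findings.append("trust statement has no sts:ExternalId condition")
        elif not external_id:
            findings.append("External ID is mandatory: the trust policy requires one")
        elif external_id not in ids:
            findings.append("configured External ID does not match the trust policy")
    if not 900 <= duration <= max_session_duration:
        findings.append(f"assumeRoleDurationInSeconds must be 900..{max_session_duration}")
    return findings

if __name__ == "__main__":
    print(check_settings(TRUST_POLICY, None, 7200))
```

An empty list means the settings are consistent with the policy; a statement without an sts:ExternalId condition is reported so that the trust relationship can be reviewed before the connector is pointed at the role.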
Additional Configuration Parameters for Throttling Support
The following parameters are used to manage the API throttling exceptions in AWS and to overcome the overload on the AWS managed system due to large data:

Maximum number of retry attempts. Default: 5

Delay in milliseconds after which a retry attempt is performed. The baseDelay will exponentially increase after every retry attempt. Default: 500
For example, if the default value is 10 seconds, for subsequent retry attempts baseDelay will be 20 seconds, 40 seconds, and so on.

Delay in milliseconds after which a retry attempt is performed. This delay is applicable to throttling errors. The throttledBaseDelay will exponentially increase after every retry attempt. Default: 1000

Maximum backoff time in milliseconds. As the sleep time increases exponentially after each retry attempt, this value sets the upper limit of the sleep time. Default: 20000
Note
The additional configuration parameters for throttling support are present out of the box for new and existing applications with the default values mentioned.
Note
The connector uses the AWS SDK's retry mechanism; therefore, the connector retries only the errors that the AWS SDK retries.