Integrating SailPoint and Amazon Web Services

Revised Date: 21 September 2023


IdentityIQ Connector information is now available as online help and PDF. The online help describes the latest updates for the connector.

To find documents related to a specific version of IdentityIQ, refer to the Supported Connectors for IdentityIQ page on Compass.

Configuration details for connectors may vary not only by release version but also by patch version. Be sure to refer to the correct documentation for your specific release and patch level.

The SailPoint Amazon Web Services (AWS) Connector enables organizations to extend existing identity lifecycle and compliance management capabilities within SailPoint to mission-critical AWS IaaS environments to provide a central point of visibility, administration, and governance across the entire enterprise. This includes policy discovery and access history across all organization accounts, provisioning AWS entities and objects, access review and certification, and federated access support.

IdentityIQ for Amazon Web Services manages the AWS Organizations entities such as Service Control Policies, Organization Units and AWS Accounts. It also manages the IAM (Identity Access Management) entities such as Users, Groups, Roles, Inline policies, Managed policies (AWS and Customer managed) under each AWS Account.

This document is designed to give specific information about the requirements and field definitions needed to get a working instance of an Amazon Web Services (AWS) source.


You must have an IdentityIQ Cloud Governance license to enable cloud governance features. If you already have a CAM license, no additional license purchase required. Contact your SailPoint Customer Success Manager to request access and for more information.