Integrating SailPoint and Amazon Web Services

Revised Date: 22 March 2024

Note

IdentityIQ connector information is now available as online help and PDF. The online help describes the latest updates for the connector.

To find documents related to a specific version of IdentityIQ, refer to the Supported Connectors for IdentityIQ page on Compass.

Configuration details for connectors may vary not only by release version but also by patch version. Be sure to refer to the correct documentation for your specific release and patch level.

The SailPoint Amazon Web Services (AWS) Connector enables organizations to extend existing identity lifecycle and compliance management capabilities within SailPoint to mission-critical AWS IaaS environments, providing a central point of visibility, administration, and governance across the entire enterprise. This includes policy discovery and access history across all organization accounts, provisioning AWS entities and objects, access review and certification, and federated access support.

IdentityIQ for Amazon Web Services manages AWS Organizations entities such as Service Control Policies, Organization Units, and AWS Accounts. It also manages IAM (Identity and Access Management) entities such as Users, Groups, Roles, Inline policies, and Managed policies (AWS and Customer managed) under each AWS Account.

This document is designed to give specific information about the requirements and field definitions needed to get a working instance of an Amazon Web Services (AWS) source.

Important

If you want to enable additional cloud governance features (for example, visualization of effective access) for your AWS Cloud Infrastructure, you must have an IdentityIQ Cloud Governance license. If you already have a CAM license, no additional license purchase is required. Contact your SailPoint Customer Success Manager to request access and for more information.

For more information on the additional features supported with cloud governance, refer to the table on the Supported Features page.