Supported Features

Note
*Role aggregation takes care of aggregating the trust polices (entities that can assume a role) as direct permission.

Important
You must have an IdentityIQ Cloud Governance license to enable cloud governance features. If you already have a CAM license, no additional license purchase is required. Contact your SailPoint Customer Success Manager to request access and for more information.

Supported Features	IdentityIQ AWS Connector (Standard Features)	IdentityIQ AWS Connector (With Cloud Governance SKU)
Account Management Manage IAM Users under the AWS Account as Accounts Aggregate, Refresh Accounts Create, Update, Delete Change Password Enable and Disable Note For more information on enabling and disabling, refer to IAM User Status. Aggregate IAM Users and its connected Entitlements (Groups, AWS Managed Policies, Customer Managed Policies, and Inline Policies) Add/Remove Entitlements (Groups, AWS Managed Policies, Customer Managed Policies, and Inline Policies)	Yes Note Only IAM groups have user-friendly names, while all other Entitlements are displayed using ARN.	Yes Note Every Entitlement is displayed using user-friendly names.
Group Management* Manage IAM Groups Aggregate, Refresh Group Create, Update, Delete	Yes	Yes
AWS Managed Policies Manage as group object Aggregate, Refresh	No	Yes
Customer Managed Policies Manage as group object Aggregate, Refresh, Create, Update Note Updating the Customer Managed Policy creates a new policy version.	No	Yes
Inline Policies Management Manage as group object Create, Update Aggregate, Refresh	No	Yes
Organization Unit Manage as group object Aggregate, Refresh	No	Yes
Service Control Policy Manage as group object Aggregate, Refresh	No	Yes
AWS Accounts Manage as group object Aggregate, Refresh	No	Yes
Tags Management Aggregate and refresh of tags attribute for IAM User	Yes	Yes
Tags Management Aggregate and refresh of tags attribute for the following entities: IAM Role Customer Managed Policy Service Control Policy Organization Unit AWS Account	No	Yes
IAM Role Management Manage as group object Aggregate, Refresh Provisioning * Update, Add, and Remove AWS Managed Policy or Customer Managed Policy from Role.	No	Yes