Showing results for 
Show  only  | Search instead for 
Did you mean: 

Amazon Web Services (AWS) Connector

Amazon Web Services (AWS) Connector


IMPORTANT: You must purchase Cloud Access Management to enable Cloud Governance features. Contact your SailPoint CSM to request access.


Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow. The SailPoint Amazon Web Services (AWS) Connector can be used to manage all the AWS Accounts in your organization or a subset of AWS Accounts. IdentityIQ for Amazon Web Services manages the AWS Organizations entities such as Service Control Policies, Organization Units and AWS Accounts. It also manages the IAM (Identity Access Management) entities such as Users, Groups, Roles, Inline policies, Managed policies (AWS and Customer managed) under each AWS Account.


Support Level: SailPoint Delivered

Connectors developed by SailPoint's Engineering team and supported under annual SailPoint support and maintenance. Reach out to SailPoint support for assistance.


Supported Use Cases

  • Full Account Aggregation
  • Single Account Aggregation
  • Full Entitlement Aggregation
  • Full Group Aggregation
  • Single Group Aggregation
  • Create Account Provisioning
  • Update Account Provisioning
  • Delete Account Provisioning
  • Create Group Provisioning*
  • Update Group Provisioning*
  • Delete Group Provisioning*
  • Enable / Disable Account Provisioning
  • Unlock Account Provisioning
  • Change Account Password
  • Add Entitlement(s)
  • Remove Entitlement(s)

*This feature is currently supported only with the IdentityIQ platform

Supported Versions

  • Amazon Web Services 


Related Documentation




Contact Us

SailPoint Support

SailPoint Professional Services


Does IdentityIQ AWS connector support add Tags to AWS IAM User Account profile part of account provisioning process?



Does IdentityIQ AWS connector also manage AWS Single Sign-On (SSO)?

I was wondering the same, does the IdentityIQ AWS connector also manage AWS Single Sign-On (SSO)?

@vonschwc  The IdentityIQ AWS connector is specifically designed to integrate with and manage access to AWS resources, such as IAM users, groups, and roles. You can try to use Web-service or SCIM connector for AWS SSO. 

Currently this connector does not support federated Active Directory Security Group/Role to connect to AWS IAM Accounts, I believe the product manager mentioned this should be implemented in 8.3p1. 

I have configured IdentityNow using the Amazon Web Services (AWS) Connector and am now able to report on IAM Users. However I also have some AWS SSO users and am not able to report on these SSO users. Does the Amazon Web Services (AWS) Connector also manage AWS Single Sign-On (AWS SSO) users?

AWS has released a new API recently. Should we use the generic Webservice connector for that?
Announcing new AWS IAM Identity Center (successor to AWS SSO) APIs to manage users and groups at sca...

is there a SailPoint integration with AWS IAM Identity Center (Successor to AWS Single Sign-On)?

is there a SailPoint integration with AWS IAM Identity Center (Successor to AWS Single Sign-On)?

@parth1 @CJump There isn't. You need to create a custom connector.

Does Sailpoint now support the AWS IAM identity Center now? 

Where can I get details on creating a custom connector in order to integrate with AWS IAM identity Center ?

Are there any plans to offer this integration out of the box as part of the IdentityIQ product ?

is there any update from SailPoint on integration with AWS IAM Identity Center ?

Do you guys have a demo on what IdentityIQ --> AWS connector can do? A video would be enough

I am interested in same topic - could someone from SailPoint respond to the question about an IIQ integration to AWS IAM Identity Center? 


@kcarrosino there is no connector right. But I encourage you and every one who wants this connector to be included in IIQ to check the in discovery topic about this:


Else you will need to create a custom connector to do it thanks to AWS SDK.

Version history
Revision #:
11 of 11
Last update:
‎May 26, 2023 11:32 AM
Updated by: