Description
We’re excited to announce the release of Amazon Web Services (SaaS) Connector in Identity Security Cloud. You can also configure this connector for Cloud Infrastructure Entitlement Management (CIEM) and Activity Insights.
The SailPoint Amazon Web Services (AWS) SaaS connector enables organizations to extend existing identity lifecycle and compliance management capabilities within SailPoint to mission-critical AWS IaaS environments to provide a central point of visibility, administration, and governance across the entire enterprise. This includes policy discovery and access history across all organization accounts, provisioning AWS entities and objects, access review and certification, and federated access support.
You can manage all the IAM entities present in the different AWS Accounts, within one AWS Organization.
High-Level Capabilities
- Key Capabilities
  - The connector has a dynamic source configuration capability for “AWS Account Settings” that automatically detects and populates all the AWS Accounts present within an AWS Organization, so the source configuration is built at run time.
  - The External ID is a read-only field whose value is generated dynamically by the connector.
  - Different cloud templates are provided for setting up permissions and completing the prerequisite configuration, based on your requirements and use cases.
  - You can also configure the same Amazon Web Services (AWS) SaaS source for Cloud Infrastructure Entitlement Management (CIEM) and Activity Insights capabilities. Note that, to use AWS Identity Center, you continue to use the CIEM AWS Source.
- Account Management
  - Manage IAM Users under the AWS Account as Accounts
  - Aggregate, Refresh Accounts
  - Create, Update, Enable, Disable, Change Password
  - Add/Remove Entitlements (Groups, AWS Managed Policies, Customer Managed Policies, Inline Policies)
- IAM Entities Management
  - IAM Groups: Aggregate, Refresh
  - AWS Managed Policy Management: Aggregate, Refresh
  - Customer Managed Policies: Aggregate, Refresh
  - Inline Policies: Aggregate, Refresh
  - Role Management: Aggregate, Refresh
- Tags Management
  - Aggregation and refresh of the tags attribute for the following entities:
    - IAM Role
    - Customer Managed Policy
    - Service Control Policy
    - Organization Unit
    - AWS Account
- Organization Entities (managed as entitlement objects only)
  - AWS Accounts Management: Aggregate, Refresh
  - Organization Unit Management: Aggregate, Refresh
  - Service Control Policy Management: Aggregate, Refresh
- Permissions Management
  - The connector supports the JSON Policy for the Permission Policy and the Trust Policy as a direct permission.
  - The Permission Policy of each of the following AWS entities is represented as a Permission:
    - AWS Managed Policies
    - Customer Managed Policies
    - Inline Policies
    - Service Control Policies
  - The Trust Policy of the following AWS entity is represented as a direct permission:
    - Roles
  - Note: Role aggregation also aggregates the trust policies (the entities that can assume the role) as direct permissions.
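To make concrete what "trust policy as a direct permission" and the External ID capability refer to, here is an added Python example (not SailPoint connector code) that reads a constructed role trust policy, lists every principal an Allow statement lets assume the role, and flags cross-account trusts that lack the sts:ExternalId condition the generated External ID is meant to populate. The account IDs, the external ID value and the role contents are placeholders.

```python
import json

# Constructed sample trust policy; account IDs and the external ID are placeholders.
TRUST_POLICY = json.dumps({
    "Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
         "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"Service": "ec2.amazonaws.com"}},
        {"Effect": "Allow", "Action": ["sts:AssumeRole", "sts:TagSession"],
         "Principal": {"AWS": ["arn:aws:iam::222222222222:user/ops",
                               "arn:aws:iam::333333333333:root"]}},
    ],
})

def _as_list(value):  # IAM policy JSON allows a string or a list in most positions
    return value if isinstance(value, list) else [value]

def trusted_principals(trust_policy_json):
    """Return (principal, has_external_id) for every principal that an Allow
    statement permits to assume the role, in policy order."""
    doc = json.loads(trust_policy_json)
    records = []
    for stmt in _as_list(doc.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # a bare "*" means any AWS principal
            principal = {"AWS": "*"}
        conds = stmt.get("Condition", {}).values()
        has_ext = any(isinstance(c, dict) and "sts:ExternalId" in c for c in conds)
        for ptype, values in principal.items():
            for p in _as_list(values):
                records.append((f"{ptype}:{p}", has_ext))
    return records

def cross_account_without_external_id(trust_policy_json, own_account):
    """Flag AWS principals outside own_account (wildcard included) whose trust
    carries no sts:ExternalId condition, the confused-deputy guard for third-party roles."""
    flagged = []
    for principal, has_ext in trusted_principals(trust_policy_json):
        if not principal.startswith("AWS:") or has_ext:
            continue
        # principal looks like AWS:arn:aws:iam::<account>:<resource>; "AWS:*" has no account
        account = principal.split(":")[5] if principal.count(":") >= 5 else ""
        if account != own_account:
            flagged.append(principal)
    return flagged
```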
Important note: If you want to enable additional cloud governance features (for example, visualization of effective access) for your AWS cloud infrastructure, you must have a CIEM license. Contact your SailPoint Customer Success Manager to request access or for more information, and refer to Supported Features.
Release Details
- Identity Security Cloud - Now Available.