AWS IAM Identity Center

The AWS IAM Identity Center connector enables data to be synchronized between AWS IAM Identity Center and RAC/M Identity.

Configuration

The following parameters are required:

Configuration	Description
Region	AWS region in which the Identity Center IAM service is deployed.
IAM Identity Store Id	Identity Store identifier.
IAM Identity Store ARN	Identity Store RNA identifier.
Access Key Id	Access key identifier (see point 8 below)
Secret Access Key	Access key and secret access key.

How to create AWS Access Keys

1. Create a new IAM policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "identitystore:IsMemberInGroups",
                "identitystore:ListGroupMemberships",
                "identitystore:DescribeUser",
                "identitystore:GetGroupMembershipId",
                "identitystore:ListUsers",
                "identitystore:ListGroupMembershipsForMember",
                "identitystore:GetGroupId",
                "organizations:ListAccounts",
                "identitystore:DeleteUser",
                "identitystore:DescribeGroupMembership",
                "identitystore:DescribeGroup",
                "identitystore:CreateUser",
                "identitystore:ListGroups",
                "identitystore:GetUserId"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "sso:ListAccountAssignments",
                "sso:ListPermissionSets",
                "sso:CreateAccountAssignment",
                "sso:ListPermissionSetsProvisionedToAccount",
                "sso:DeleteAccountAssignment",
                "sso:DescribePermissionSet"
            ],
            "Resource": [
                "arn:aws:sso:::instance/*",
                "arn:aws:sso:::permissionSet/*/*",
                "arn:aws:sso:::account/*"
            ]
        }
    ]
}

2. Go in the user section and click on Create user

   Enter a name and click on Next

3. Create a new policy

   Assign to it the policy created in step 1 Click on Next

   Enter a Policy name and an optional Description for the policy Click on Create policy.

4. Validate the user before the creation and click on Create user

5. Create the key pair by clicking on Create access key.

   Select Application running outside AWS and click Next.

   Enter a description for the key and click on Create access key.

6. Downlaod the csv key file with the Download .csv file and click on Done.

   Your key configuration is now complete

7. Your AWS user configuration is complete