
Securely accessing external accounts with AWS IAM Identity Center

Public Sector Blog



This article provides a step-by-step guide for securely integrating external AWS accounts with AWS IAM Identity Center to enable single sign-on access, particularly for researchers and government agencies accessing Open Data Sponsorship Program resources.

  • Use SAML 2.0 federation to establish trust between IAM Identity Center and external AWS accounts
  • Create custom IAM Identity Center application and download SAML metadata file
  • Configure SAML identity provider in external account using downloaded metadata
  • Create IAM role with appropriate permissions for federated users
  • Map SAML attributes linking Identity Center application to external IAM role
  • Assign users to application and verify successful federation and access
  • Eliminates need for separate access keys; enables centralized user management
  • Provides granular access control through IAM roles and policies

This solution enables secure, centralized access to external AWS accounts while maintaining strict security controls and organizational policy alignment.
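As an added illustration (not code from the AWS article), this Python sketch builds the trust policy for the external-account role and the SAML attribute mappings the steps above call for, then audits a trust policy for an unexpected principal or a missing audience pin. The account ID, provider name and role name are constructed placeholders, and using `${user:email}` as the session name is an assumption.

```python
import json

SAML_AUD = "https://signin.aws.amazon.com/saml"  # audience AWS sign-in expects
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"

# Constructed placeholders: example account ID, hypothetical provider and role names.
PROVIDER_ARN = "arn:aws:iam::111122223333:saml-provider/ExampleIdentityCenter"
ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleFederatedReadOnly"

def trust_policy(provider_arn):
    """Trust policy for the external-account role: only this SAML provider may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": provider_arn},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": SAML_AUD}},
    }]}

def attribute_mappings(role_arn, provider_arn):
    """Attribute mappings for the Identity Center application (session name is an assumption)."""
    return {ROLE_ATTR: f"{role_arn},{provider_arn}", SESSION_ATTR: "${user:email}"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, provider_arn):
    """Return findings for Allow statements that explicitly name sts:AssumeRoleWithSAML."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithSAML" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else principal
        if federated != provider_arn:
            findings.append(f"statement {i}: principal is not the expected SAML provider")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != SAML_AUD:
            findings.append(f"statement {i}: SAML:aud is not pinned to {SAML_AUD}")
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(PROVIDER_ARN), indent=2))
    print(json.dumps(attribute_mappings(ROLE_ARN, PROVIDER_ARN), indent=2))
    print(audit_trust_policy(trust_policy(PROVIDER_ARN), PROVIDER_ARN))
```

The audit only inspects statements that name `sts:AssumeRoleWithSAML` explicitly; wildcard actions such as `sts:*` need a separate check.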


