There are new AI features coming to AWS that are easy and simple to use. However, focusing on further allowing customization and flexibility in developing solutions as a solution architect or developer would enhance user experience.
I would like to see an increase in available resources and custom features, as these could enhance the current capacity of operations without removing existing accesses.
Managing IAM in complex environments can be challenging, and there are several areas for improvement. First, incorporating automation tools or a centralized dashboard for managing roles and policies across multiple accounts would simplify administration, especially for large organizations. Additionally, policy debugging and validation could be more streamlined, as troubleshooting misconfigurations can be time-consuming and prone to errors. A more robust error messaging system or a dedicated debugging tool would be beneficial. Another area for improvement is temporary access credentials. AWS documentation should offer more detailed guidance on edge cases and exceptions, along with clearer examples of how to handle various scenarios. Lastly, enhanced session-level policies that are more context-sensitive and based on specific conditions (such as IP address, device, or time) would greatly increase flexibility and allow for more granular control over user sessions.
Strategist | Webops and Blockchain at Indian Institute of Technology, Madras
2024-11-20T13:39:14Z
Greater visualization for security policies would be beneficial. Although IAM has an integrated development environment called AWS Policy Generator, it is not integrated with IAM Identity Center. Integrating this directly could improve ease of use for generating security policies. Additionally, beginners might find IAM extensive due to its detailed nature, which could be mitigated by providing better presets and easier visualizations.
The configuration with other tools can be hard. Integrating AWS IAM Identity Center with other applications sometimes presents challenges. Specifically, when configuring it with third-party tools, like Active Directory, the naming convention of permission sets requires careful attention, which can be confusing.
The AWS Identity Center's user interface could be improved to provide a clearer understanding of how the system operates. Although the API side is well-developed, the console can be misleading, and improvements in presenting and simplifying the understanding of advanced features would be beneficial.
I don't think there is any need for improvement in the product since everything has been created architecturally by AWS. AWS has given all the features in the tool. In the product, two groups cannot have the same name. There will be a conflict if the same name is provided to two groups in the tool. If you want to say something to another user, the tool fails to identify which group out of the two having the same name is involved in the activity. In general, the tool does not allow for the duplication of names. The aforementioned area can be considered for improvement in the product.
AWS IAM Identity Center is the recommended service for managing your workforce's access to AWS applications or your multiple AWS accounts (or both). It is a flexible solution that can be used to connect your existing identity source or help you create users in AWS. IAM Identity Center can be used alongside your existing AWS account access configurations.