IAM Identity Center now supports customer-managed AWS Key Management Service (KMS) keys for encrypting workforce identity data, including user and group attributes. While AWS-owned keys are used by default, customer-managed keys (CMKs) provide granular control over identity data access, enhancing security and compliance capabilities. IAM Identity Center helps you securely create, or connect, your workforce identities and manage their access centrally across AWS applications and accounts.
You create a CMK and manage its lifecycle and usage permissions in AWS KMS. You can configure the CMK in your IAM Identity Center instance either while enabling a new organization instance or on an existing one. You can then use AWS CloudTrail to monitor and audit the usage of your CMK for access to identity data in IAM Identity Center.
Support for CMKs in organization instances of IAM Identity Center is now available for access to accounts and select AWS applications in all AWS Regions where IAM Identity Center is available. Standard AWS KMS charges apply to storing and using CMKs. IAM Identity Center is provided at no additional cost.
To learn more about IAM Identity Center, visit the product detail page. To get started with using CMKs, please refer to the IAM Identity Center User Guide.
Categories: general:products/aws-iam-identity-center,marketing:marchitecture/security-identity-and-compliance
Source: Amazon Web Services
Latest Posts
- Microsoft Copilot Studio – Org-Wide Sharing Control for Agents Built in Copilot Studio lite [MC1176373]
- GPT-5 becomes the default Copilot model [MC1176368]
- Microsoft Copilot Studio: Copy an agent from the lite experience into the full experience [MC1176363]
- Microsoft Outlook: Enhanced search experience with Copilot in Classic Outlook [MC1176366]
![Updates available for Microsoft 365 Apps for Current Channel [MC1158256]](https://mwpro.co.uk/wp-content/uploads/2024/08/pexels-karolina-grabowska-4219862-150x150.webp "Updates available for Microsoft 365 Apps for Current Channel [MC1158256] 7")