[jacurtis]

I should add. Which identity center (previously called AWS SSO) you can tie it into your G-Suite or Microsoft 365 and just have it create AWS accounts for new hires as you onboard them by making email accounts. When they leave it automatically removes their access.

Not to mention the quality of life on this tool is incredible. When you truly have tens or hundreds of AWS accounts, the SSO tool makes it so nice to jump between them as an actual user. And I’m actually a huge fan of the CLI integration to get CLI access to any of them with a simple command on the AWS CLI. It’s super slick and will save you probably 5 hours the first week you use it.

We started using it a year ago and it’s been a game changer at our organization. As a user I don’t ever want to go back to normal IAM. Such a pain.