AWS Identity and Access Management
Should we switch from IAM users to IAM federated (temporary) users?
Pros:
we won't have 50 bazillion stale users piling up in our IAM console view over time
if the credentials do slip out, they are useless after one day
Cons:
it doesn't save any work, still need to cache the credentials in crowd
adds a little complexity: we have to check the expiration time on the cached credentials to see whether we need to get new creds for the user
still need to handle same federated user, two stacks
this will likely exacerbate the propagation delay issue, because instead of hitting it once for all time, they could hit it once per day
Questions:
assuming the propagation delay issue remains
looks like the name length restriction may be too short for an email address
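
A sketch of the cache expiry check from the Cons list and the name-length concern from the Questions list, added here as an example and not taken from our code. The in-memory dict stands in for the cache in crowd; `federated_name`, `FederatedCredentialCache`, `sts_fetch` and the five-minute refresh margin are assumptions, and the hash suffix is one possible way to fit long addresses into the 32-character Name limit of GetFederationToken.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone

MAX_NAME_LEN = 32    # GetFederationToken Name: 2-32 chars from [\w+=,.@-]
ONE_DAY = 86400      # seconds; the one-day credential lifetime from the notes
REFRESH_MARGIN = timedelta(minutes=5)    # assumption: renew slightly early


def federated_name(email):
    """Map an email address to a Name that fits the STS length limit."""
    name = re.sub(r"[^\w+=,.@-]", "_", email, flags=re.ASCII)
    if len(name) <= MAX_NAME_LEN:
        return name
    # Too long: keep a readable prefix plus a short digest of the full address
    # so two long addresses sharing a prefix stay distinct federated users.
    digest = hashlib.sha256(email.encode()).hexdigest()[:8]
    return name[:MAX_NAME_LEN - 9] + "-" + digest


class FederatedCredentialCache:
    """In-memory stand-in for the credential cache (hypothetical)."""

    def __init__(self, fetch, now=lambda: datetime.now(timezone.utc)):
        self._fetch = fetch    # callable(name, duration_seconds) -> credentials
        self._now = now
        self._cache = {}

    def get(self, email):
        name = federated_name(email)
        creds = self._cache.get(name)
        # Renew when nothing is cached or the cached set is about to expire.
        if creds is None or creds["Expiration"] - self._now() <= REFRESH_MARGIN:
            creds = self._fetch(name, ONE_DAY)
            self._cache[name] = creds
        return creds


def sts_fetch(name, duration):
    """Live fetch; assumes boto3 and an IAM user's long-term keys."""
    import boto3
    # Add Policy= or PolicyArns= here: a federation token issued without a
    # session policy carries no identity-based permissions.
    resp = boto3.client("sts").get_federation_token(
        Name=name, DurationSeconds=duration)
    return resp["Credentials"]
```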