AWS Identity and Access Management
Should we switch from IAM users to IAM federated (temporary) users?
Pros:
- we won't have 50 bazillion stale users piling up in our IAM console view over time
- if the credentials do slip out, they are useless after one day
Cons:
- it doesn't save any work; we still need to cache the credentials in crowd
- adds a little bit of complexity, in that we have to check the expiry time on the cached credentials to see whether we need to get new creds for the user
- still need to handle same federated user, two stacks
- this will likely exacerbate the propagation delay issue, because instead of hitting it once for all time, they could hit it once per day
Questions:
- assuming the propagation delay issue remains
- looks like the name length restriction may be too short for an email address
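A sketch of the expiry check and the name-length workaround discussed above, as an added example that is not code from our stacks. It assumes the federated credentials come from the STS GetFederationToken call, whose Name parameter is limited to 2-32 characters matching [\w+=,.@-]; `fetch`, `CredentialCache`, `federated_name` and the five-minute refresh margin are hypothetical.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone

MAX_NAME_LEN = 32                      # GetFederationToken Name limit (assumed API)
NAME_OK = re.compile(r"^[\w+=,.@-]{2,32}$", re.ASCII)
REFRESH_MARGIN = timedelta(minutes=5)  # assumed safety margin before expiry


def federated_name(email):
    """Map an email address to a name that fits the length restriction."""
    name = re.sub(r"[^\w+=,.@-]", "_", email.strip().lower(), flags=re.ASCII)
    if len(name) > MAX_NAME_LEN:
        # Keep a readable prefix and add a digest suffix so that two long
        # addresses sharing the same prefix do not collapse to one name.
        digest = hashlib.sha256(name.encode()).hexdigest()[:8]
        name = name[:MAX_NAME_LEN - 9] + "-" + digest
    if not NAME_OK.match(name):
        raise ValueError("cannot derive a federated name from %r" % email)
    return name


class CredentialCache:
    """Per-user cache that calls `fetch` only when the entry is missing or near expiry."""

    def __init__(self, fetch, now=lambda: datetime.now(timezone.utc)):
        # fetch: hypothetical callable, name -> dict with a tz-aware "Expiration",
        # e.g. a wrapper around boto3's sts.get_federation_token(Name=name, ...).
        self._fetch = fetch
        self._now = now
        self._entries = {}

    def get(self, email):
        name = federated_name(email)
        creds = self._entries.get(name)
        if creds is None or creds["Expiration"] - self._now() <= REFRESH_MARGIN:
            creds = self._fetch(name)   # new creds: this is where the delay is hit
            self._entries[name] = creds
        return creds
```

Each call to `fetch` is a point where a user can hit the propagation delay again, so the refresh margin sets how often that happens per user.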