Skip to content
English - United States
  • There are no suggestions because the search field is empty.

Integration Guide: Amazon Web Services (AWS)

Learn How to Connect the AWS Integration

Published Date: June 25, 2026 | Last Updated: June 26, 2026

Overview

The AWS IAM Identity Center integration connects Tello IAM to your AWS environment using IAM user credentials. The connection requires an Access Key ID, a Secret Access Key, and the AWS region where IAM Identity Center is configured.

Before connecting

The Administrator completing this setup must have access to AWS IAM with permission to create IAM users and generate access keys. The IAM user or role used for this integration must have the required permissions to read from IAM Identity Center.

Step 1: Create an IAM user and generate access keys

  1. Sign in to the AWS Management Console and navigate to IAM → Users.
  2. Select Create user and follow the prompts to create a dedicated IAM user for Tello IAM (for example, tello-iam).
  3. Attach the permissions required to read from IAM Identity Center to the user.
  4. After the user is created, navigate to the user’s Security credentials tab.
  5. Under Access keys, select Create access key.
  6. Copy the Access Key ID and Secret Access Key. The Secret Access Key is only displayed once.

Important: Copy the Secret Access Key before closing the confirmation page. It will not be shown again. If lost, a new access key must be created.

Step 2: Locate your AWS Region

The AWS Region is the region where IAM Identity Center is configured in your AWS account (for example, us-east-1). This can be found in the AWS Management Console by navigating to IAM Identity Center and checking the region selector in the top navigation bar.

Step 3: Connect AWS IAM Identity Center in Tello IAM

  1. Navigate to Integrations in the left navigation.
  2. Select + Add Integration.
  3. Search for AWS IAM Identity Center and select Add.
  4. Enter the AWS Access Key ID in the AWS Access Key ID field.
  5. Enter the AWS Secret Access Key in the AWS Secret Access Key field.
  6. If using temporary credentials (STS or an assumed role), enter the AWS Session Token. Leave this field blank for permanent IAM user keys.
  7. Enter the AWS Region where IAM Identity Center is configured (for example, us-east-1).
  8. Select Test Connection to verify the credentials are valid. A Connection successful confirmation will appear if accepted.
  9. Select Connect. The integration appears on the Integrations page and an initial sync begins automatically.

Verify the connection

After the initial sync completes, confirm the following on the Integrations page:

  • The AWS IAM Identity Center integration displays a status of Active
  • A sync timestamp is present and reflects the completed sync
  • User records on the Users page display detected AWS permissions in the Access column

Reauthorizing the connection

If the integration loses authorization, it will display an error on the Integrations page. To reauthorize, generate new access keys in AWS IAM, then select the integration row in Tello IAM, select Configure, and enter the updated credentials.

Related articles




Logo Color-1 Seasoft Security Solutions LLC | Tello IAM