AWS IAM Identity Center

Updated by Yasuhiro Miyoshi

Preparation

Step 1: How to make the AWS policy
  1. Log in to Identity and Access Management (IAM) and click "Create Policy" under Policies in the left menu.
  2. On the Create Policy screen, click the JSON tab and replace the contents with the following policy document.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "identitystore:ListGroupMemberships",
        "sso:ListAccountAssignmentsForPrincipal",
        "organizations:ListAccounts",
        "sso:ListPermissionSets",
        "identitystore:ListUsers",
        "sso:ListInstances",
        "identitystore:ListGroups",
        "sso:DescribePermissionSet"
      ],
      "Resource": "*"
    }
  ]
}

  3. Enter a name for the policy and click "Create Policy" to save.
Step 2: How to make the Role
  1. Go to Identity and Access Management (IAM) and click Roles > Create Role in the left menu.
  2. In Select Trusted Entities, enter each value as follows.
  • Trusted entity: AWS account
  • An AWS account: Select "Another AWS account" and enter 162001151631 in Account ID
  • Check the box "Require external ID (Best practice when a third party will assume this role)"
  • Enter a random string (24 or more characters recommended) as the external ID.
  • Leave "Require MFA" unchecked

Click Next.

  3. Select the policy created in Step 1 and click Next.
  4. Set a role name and click "Create Role".
Step 3: How to get the Role ARN
  1. Search for the role created in Step 2 on the Roles screen and click it.
  2. The Role ARN is displayed; copy and save it.
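Steps 1 to 3 configure a cross-account role: a read-only permissions policy plus a trust policy that only lets the third-party account (162001151631, from Step 2) assume the role when it presents the external ID you chose. The following is an added example, not Admina's or AWS's own code: it builds the trust policy equivalent to the console choices in Step 2 and checks both documents the way a reviewer would before creating the role. The account ID and the action list come from this page; EXTERNAL_ID is a constructed placeholder that you replace with your own random string.

```python
import json

# Third-party account that will assume the role (from Step 2 of the page).
ADMINA_ACCOUNT_ID = "162001151631"

# Constructed placeholder: replace with the random external ID you typed in Step 2.
EXTERNAL_ID = "replace-with-your-own-random-24plus-char-string"

# Permissions policy from Step 1 of the page, unchanged.
PERMISSIONS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "identitystore:ListGroupMemberships",
                "sso:ListAccountAssignmentsForPrincipal",
                "organizations:ListAccounts",
                "sso:ListPermissionSets",
                "identitystore:ListUsers",
                "sso:ListInstances",
                "identitystore:ListGroups",
                "sso:DescribePermissionSet",
            ],
            "Resource": "*",
        }
    ],
}

# Action name prefixes that AWS uses for read-only operations.
READ_ONLY_PREFIXES = ("List", "Describe", "Get")


def build_trust_policy(trusted_account_id: str, external_id: str) -> dict:
    """Trust policy matching the console choices in Step 2:
    'Another AWS account' + 'Require external ID', no MFA condition."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


def permissions_policy_is_read_only(policy: dict) -> bool:
    """True when every allowed action is a concrete List/Describe/Get call (no wildcards)."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            service, _, name = action.partition(":")
            if not service or not name or "*" in action:
                return False
            if not name.startswith(READ_ONLY_PREFIXES):
                return False
    return True


def trust_policy_findings(policy: dict, expected_account: str, min_external_id_len: int = 24) -> list:
    """Return a list of problems with the trust policy; an empty list means it matches Step 2."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws_principal = principal.get("AWS") if isinstance(principal, dict) else principal
        if principal == "*" or aws_principal == "*":
            findings.append("principal is a wildcard: any AWS account could assume the role")
        elif isinstance(aws_principal, str) and expected_account not in aws_principal:
            findings.append(f"principal does not reference the expected account {expected_account}")
        ext_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext_id is None:
            findings.append("no sts:ExternalId condition: the 'Require external ID' box was not applied")
        elif len(ext_id) < min_external_id_len:
            findings.append(f"external ID is shorter than {min_external_id_len} characters")
    return findings


if __name__ == "__main__":
    trust = build_trust_policy(ADMINA_ACCOUNT_ID, EXTERNAL_ID)
    print("permissions policy read-only:", permissions_policy_is_read_only(PERMISSIONS_POLICY))
    print("trust policy findings:", trust_policy_findings(trust, ADMINA_ACCOUNT_ID))
    # Write the trust policy so it can be passed to the CLI if you prefer that to the console.
    with open("trust-policy.json", "w") as fh:
        json.dump(trust, fh, indent=2)
```

The generated trust-policy.json is the same document the console writes for you when you pick "Another AWS account" and "Require external ID"; it can be passed to `aws iam create-role --assume-role-policy-document file://trust-policy.json` instead of using the console, and the Role ARN in that command's output is the value Step 3 asks you to save. The checker is meant to catch two common mistakes before a third party gets access: a wildcard or wrong-account principal, and a missing or short external ID.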
Step 4: How to get the Region and Workspace Key

Go to IAM Identity Center > Settings, then copy and save the Region and the Identity store ID (this is the workspace key).


Setup Integration

On the Money Forward Admina integration screen, search for AWS IAM Identity Center.

Enter the workspace key, region, and Role ARN obtained in the previous step, as well as the external ID set when creating the role, and click Integrate.

If the integration with AWS IAM Identity Center is successful, the registered user information will appear in the account list.

If the integration does not complete successfully, please edit the status tab on the integration screen and try integrating again.

If the problem persists, please contact us via chat.🙏
