Considerations for choosing your instance type for IAM Identity Center
There are two ways to enable the Amazon Q Developer Pro tier for your workforce users, depending on your need, security requirements, and feature access level:
-
(Recommended) Organization instance: An organization instance of IAM Identity Center is the primary form of deploying IAM Identity Center. AWS recommends that you use an organization instance in most cases. If you want access to all Amazon Q Developer features, and for your administrator to have enterprise access controls across multiple AWS accounts, then you should use an organization instance. To set up access with an organization instance, see Subscribing users to the Amazon Q Developer Pro tier with an organization instance.
-
Account instance: If you cannot adopt an organization instance in IAM Identity Center, you can use an account instance of IAM Identity Center to manage user and group access to Amazon Q Developer features. With an account instance of IAM Identity Center, you can create an isolated deployment of Amazon Q in a single AWS account. To set up access with an account instance, see Subscribing users to the Amazon Q Developer Pro tier with an account instance.
Use cases for account instances with Amazon Q Developer Pro
Although we recommend that you use an organization instance of IAM Identity Center with Amazon Q Developer Pro, there are a few situations in which it might make sense to use account instances. These situations include:
-
You are trying out Amazon Q Developer Pro, and you haven’t yet decided that you want to deploy it to multiple AWS accounts across an organization in AWS Organizations.
-
You are the administrator of a single AWS account within an organization. Instead of waiting for the administrator of your enterprise to implement Amazon Q Developer Pro, you want to use Amazon Q in just for the AWS account that you control.
-
Your enterprise is large, and does not have a single identity provider, or a single identity store, containing the entire user base that you want to give access to Amazon Q Developer.
Disadvantages to using an account instance include:
-
The dashboard will only provide information about users and groups associated with the one account.
-
The administrative settings (such as whether to include suggestions with code references) will only be available for the one account.
For more information on these instance types, see Manage organization and account instances of IAM Identity Center in the AWS IAM Identity Center User Guide.