AWS Partner Network (APN) Blog

Streamline customer onboarding and accelerate time-to-value with AWS IAM temporary delegation

By Welly Siauw, Principal Partner SA – AWS
By Priyesh Bansal, Sr Product Manager – AWS
By Kunjal Botadra, Sr Product Manager – AWS

We’re excited to introduce AWS IAM temporary delegation, a new capability that streamlines customer onboarding for ISV Accelerate Partners. This feature allows Partners to automate resource configuration in customers’ Amazon Web Services (AWS) accounts through temporary, limited permissions, while customers maintain full control and visibility to manage their Partner products throughout the process.

In this post, we’ll explore the benefits of IAM temporary delegation and showcase how AWS Partners are already using this capability to transform their customer onboarding experience.

Accelerate customer onboarding

Organizations rely on AWS Partners’ SaaS solutions to build applications and manage their AWS environment. Implementing these solutions involves deploying resources and configuring multiple AWS services, including storage, compute, networking, and access management. During this critical onboarding phase, Partners work closely with customers to ensure proper configuration and security.

As Partners scale their business and expand their customer base, streamlining the onboarding process becomes increasingly important. The traditional manual setup process requires considerable time from both Partners and customers, which can delay time-to-value and extend the sales cycle.

AWS IAM temporary delegation provides Partners a powerful way to automate and simplify this process. Partners can now create guided experiences that streamline resource deployment while maintaining the security controls that customers expect. The result is a faster onboarding experience that helps customers realize value from their Partner solutions sooner.

Partners can offer this experience as an “IAM temporary delegation” button within their product workflow.

Figure 1 – End-to-end workflow using IAM temporary delegation.

Customers begin the flow in the Partner’s product and are redirected to the AWS Management Console (Figure 2) where they review the Partner’s request, including the specific permissions requested and the access duration.

Upon approval, AWS provides the Partner with temporary credentials to automate the necessary setup on behalf of the customer. When the time period expires, the delegated access automatically ends.

Figure 2 – IAM console showing permission request approval interface.

AWS IAM temporary delegation also includes built-in support for administrator approval workflows. In organizations where users don’t have sufficient permissions to delegate, they can submit requests for administrator review. Users provide business justification along with their request, and administrators review and approve these requests from the AWS IAM console.

For customer use-cases that require long-term IAM access, Partners can use AWS IAM temporary delegation to set up the required IAM roles and permissions. These IAM roles include an attached permissions boundary that limits the maximum permissions the role can have. Customers review these permissions boundaries as part of the delegation request before approval, maintaining control and visibility over Partner access even for long-term scenarios.
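To show how a permissions boundary caps a long-term role, here is a simplified evaluation sketch. It is an added example, not code from AWS or from this post: the policies are constructed samples, and Resource and Condition elements are ignored.

```python
from fnmatch import fnmatchcase

# Constructed sample policies (not from the post). Resource and Condition
# elements are ignored to keep the focus on the boundary logic.
ROLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*", "iam:PassRole"]},
]}
PERMISSIONS_BOUNDARY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject",
                                   "ec2:Describe*", "cloudtrail:LookupEvents"]},
    {"Effect": "Deny", "Action": "iam:*"},
]}

def _matches(patterns, action):
    """IAM action names are case-insensitive and may use * and ? wildcards."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def decision(policy, action):
    """Return 'Deny', 'Allow', or None when no statement matches the action."""
    result = None
    for stmt in policy["Statement"]:
        if _matches(stmt["Action"], action):
            if stmt["Effect"] == "Deny":
                return "Deny"      # an explicit deny always wins
            result = "Allow"
    return result

def is_allowed(role_policy, boundary, action):
    """Allowed only if BOTH the role policy and the boundary allow the action."""
    return (decision(role_policy, action) == "Allow"
            and decision(boundary, action) == "Allow")

def effective(role_policy, boundary, actions):
    """Map each requested action to its effective allow/deny result."""
    return {a: is_allowed(role_policy, boundary, a) for a in actions}

if __name__ == "__main__":
    checks = ["s3:GetObject", "s3:DeleteBucket", "ec2:DescribeInstances",
              "cloudtrail:LookupEvents", "iam:PassRole"]
    for action, ok in effective(ROLE_POLICY, PERMISSIONS_BOUNDARY, checks).items():
        print(f"{action:26} {'allowed' if ok else 'denied'}")
```

The boundary grants nothing on its own: `cloudtrail:LookupEvents` stays denied because the role policy never allows it, and `s3:DeleteBucket` is denied even though the role policy's `s3:*` covers it.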

Simplifying updates and new feature setup

Beyond onboarding, Partners can also use AWS IAM temporary delegation to accelerate feature adoption and simplify ongoing operations. When introducing new features that require additional AWS resource deployment or permissions, Partners can provide guided setup experiences instead of sending customers back through manual configuration steps. The capability also supports maintenance tasks and updates that previously required manual customer involvement, reducing ongoing operational overhead.

Launch Partner showcase

We invite you to explore how AWS Partners are already implementing AWS IAM temporary delegation:

  • Archera uses AWS IAM temporary delegation to deliver a fast, secure, and seamless onboarding experience for customers. This automation streamlines onboarding, enforces least-privilege access, and enables customers to start optimizing their cloud costs in minutes.
  • Aviatrix is streamlining how customers activate and manage Cloud Native Security Fabric (CNSF) within their AWS environments. Using IAM temporary delegation, Aviatrix requests short-lived, pre-approved permissions to perform specific setup and configuration tasks on behalf of customers. Each request is time-bound, visible, and customer-approved, ensuring least-privilege access while accelerating onboarding and reducing operational overhead.
  • CrowdStrike Falcon Next-Gen SIEM leverages IAM temporary delegation to automatically discover and configure AWS data sources such as CloudTrail, GuardDuty, and Security Hub – simplifying data onboarding and accelerating time-to-value for customers while eliminating the need for manual setup or permanent elevated access privileges.
  • Databricks is a leader in Data and AI platforms for Enterprises. By integrating with AWS IAM temporary delegation, customers can deploy classic workspaces in minutes with automated configuration provisioning. Start your trial in AWS Marketplace.
  • HashiCorp Cloud Platform (HCP) Terraform enables organizations to automate the provisioning and management of cloud infrastructure on AWS. Through its integration with AWS IAM temporary delegation, HCP Terraform’s Dynamic Provider Credentials streamlines onboarding, reduces configuration errors, and helps customers accelerate infrastructure delivery while maintaining strong security controls.
  • Qumulo uses IAM temporary delegation to streamline customer deployments on AWS—reducing setup steps, saving time, ensuring accuracy/consistency, and removing access concerns.
  • Rapid7 offers customers a breadth of integrated technologies and services that maximize data utilization and shared context across core security domains—accelerating security outcomes from endpoint to cloud. By integrating IAM temporary delegation, customers can configure deployment options within the Rapid7 interface and securely approve access through the AWS console.
  • SentinelOne is a global leader in autonomous cybersecurity, delivering AI-driven protection for endpoints, identities, cloud and AI workloads across hybrid environments. By leveraging AWS IAM temporary delegation, SentinelOne streamlines customer onboarding, automating secure environment setup and accelerating time-to-value for the SentinelOne Singularity Platform with AWS.

Beyond AWS ISV Accelerate Partners, we’re also leveraging this capability across our own products. For example, Amazon Leo—an initiative bringing fast, reliable connectivity through low Earth orbit satellites—uses IAM temporary delegation to simplify account setup for enterprise customers, enabling automated creation of service roles and policy attachments.

Get started

Start building a better onboarding experience for your customers today.

To learn about requirements and eligibility, review the AWS ISV Accelerate Program Guide in AWS Partner Central (login required).