Apps can now impersonate human access to AWS via IAM Identity Center
Earlier today, AWS IAM Identity Center launched the ability for server-side applications to assume roles on behalf of their users. This is a big deal; I've wanted this exact kind of functionality for years. The docs are pretty sparse on how it works and what the events look like in CloudTrail, so here are my field notes, recommendations on whether you should use it today, and feature requests for whichever AWS service team is working on this.