Should I stick with IAM Identity Center or also utilize IAM to give access to various AWS services and apps to my friend/business partner?

I'm trying to get my business partner to access Lex bots I'm making, but even after provisioning the necessary permission set and policies attached, he still can't access them. My bots are still in draft mode and he is able to access AWS console and Lex itself, when before he couldn't access anything upon signing in.

According to official documentation and from what AmazonQ (AWS' tech support bot) and Bing AI told me, even if I set him up as an IAM user and was able to properly set up the resource based policies, he would still be limited on what he can do due to the bots being in draft mode. I have next to no experience with resource based policies, and while I do have some experience with JSON, it's not enough to let me be skilled enough to properly create valid policies. I've decided to just publish the Lex bots prematurely so hopefully my business partner/friend can access and work on it with me together.

So what I mean is I already registered him as a user and did all that in Identity Center, but because Identity Center and IAM are separate, he's technically not considered to be an IAM user. Only those registered in IAM and granted permission sets and policies there can access AWS applications that are still in draft mode iirc. Although to be fair, I don't know how to really use Lambda or Cloudshell, so maybe he can still access the Lex bots that way.

Yeah AWS is very complicated to use and that's why other competitors like Salesforce and Azure have become more popular in recent years. Specifically, I provisioned SystemAdministrator permission set with a policy of the same name and AmazonLexFullAccess policy attached to it. In theory, he should have no problems with accessing and editing the bots, but from the screenshots he showed me, the list of bots are completely empty in Lex. Identity Center doesn't show any errors associated with him so that can be ruled out.