All about Identity at AMAZON WEB SERVICES plus what are we still missing?
From IIW
Session Topic: All About Identity at Amazon Web Services
Wednesday 4G
Convener: Ian Wesley-Smith
Notes-taker(s): Ian Wesley-Smith
- Check out our best practices for users and permissions: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html
- Question on Federating with University via SAML (Nathan from UW)
- Not possible currently, can write a proxy and use GetFederationToken (http://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html)
- Discussed STS (http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html)
- AssumeRoles (http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)
- Should I use AssumeRole or Federated Users?
- We suggest roles unless you have a special authorization requirement
- Can you assume multiple roles at the same time?
- No.
- Do you support MFA? Yes: http://aws.amazon.com/mfa/
- How are root accounts and IAM users related?
properties-iam-user.html
- Cross-account Access? http://aws.amazon.com/about-aws/whats-new/2012/11/19/Announcing-Cross-Account-API-Access-Using-IAM-Roles/
- We have a cloud HSM http://aws.amazon.com/cloudhsm/
- What certifications do we have? https://aws.amazon.com/security/
- Consolidated billing: http://docs.aws.amazon.com/awsaccountbilling/latest/about/consolidatedbilling.html
- Discussion about what federation technologies customers would like to see
- OpenID Connect Support
- SAML Support
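
The proxy approach from the SAML federation question above, as an added example (not from the session or from AWS): after the proxy has verified the user's SAML assertion, it maps the asserted groups to a scoped-down session policy and calls GetFederationToken. The bucket name, group mapping and function names are hypothetical, and assertion validation is assumed to have happened already.

```python
import json
import re

# Hypothetical mapping from IdP group attribute to allowed actions (constructed).
GROUP_ACTIONS = {
    "students": ["s3:GetObject"],
    "staff": ["s3:GetObject", "s3:PutObject"],
}
BUCKET = "example-course-data"  # placeholder bucket name


def session_name(principal):
    """Fit an IdP principal into GetFederationToken's Name (2-32 chars of word chars and +=,.@-)."""
    name = re.sub(r"[^\w+=,.@-]", "-", principal, flags=re.ASCII)[:32]
    if len(name) < 2:
        raise ValueError("principal too short for a federated user name")
    return name


def scoped_policy(principal, groups):
    """Session policy; effective rights are its intersection with the proxy user's own."""
    actions = sorted({a for g in groups for a in GROUP_ACTIONS.get(g, [])})
    if not actions:
        raise PermissionError("no group in the assertion maps to any permission")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": actions,
            "Resource": f"arn:aws:s3:::{BUCKET}/home/{session_name(principal)}/*",
        }],
    }


def federate(sts, principal, groups, duration=3600):
    """Call after the SAML assertion is verified. `sts` is a boto3 STS client
    built from the proxy's long-term IAM user keys (GetFederationToken needs them)."""
    if not 900 <= duration <= 129600:
        raise ValueError("DurationSeconds must be 900..129600")
    resp = sts.get_federation_token(
        Name=session_name(principal),
        Policy=json.dumps(scoped_policy(principal, groups)),
        DurationSeconds=duration,
    )
    return resp["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken, Expiration
```

Truncating to 32 characters can make two long principals collide on the same name and home prefix, so a production proxy should map principals to unique names instead.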