Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Implementing Identity Management on AWS
  • Toc
  • feedback
Implementing Identity Management on AWS

Implementing Identity Management on AWS

By : Lehtinen
4.2 (5)
close
Implementing Identity Management on AWS

Implementing Identity Management on AWS

4.2 (5)
By: Lehtinen

Overview of this book

AWS identity management offers a powerful yet complex array of native capabilities and connections to existing enterprise identity systems for administrative and application identity use cases. This book breaks down the complexities involved by adopting a use-case-driven approach that helps identity and cloud engineers understand how to use the right mix of native AWS capabilities and external IAM components to achieve the business and security outcomes they want. You will begin by learning about the IAM toolsets and paradigms within AWS. This will allow you to determine how to best leverage them for administrative control, extending workforce identities to the cloud, and using IAM toolsets and paradigms on an app deployed on AWS. Next, the book demonstrates how to extend your on-premise administrative IAM capabilities to the AWS backplane, as well as how to make your workforce identities available for AWS-deployed applications. In the concluding chapters, you’ll learn how to use the native identity services with applications deployed on AWS. By the end of this IAM Amazon Web Services book, you will be able to build enterprise-class solutions for administrative and application identity using AWS IAM tools and external identity systems.
Table of Contents (17 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools
Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools
Free Chapter
2
Chapter 1: An Introduction to IAM and AWS IAM Concepts
Chapter 1: An Introduction to IAM and AWS IAM Concepts
Technical requirements
Understanding IAM
Exploring AWS IAM
Putting it all together
Summary
Questions
3
Chapter 2: An Introduction to the AWS CLI
Chapter 2: An Introduction to the AWS CLI
Technical requirements
Exploring the AWS CLI basics
Using the AWS CLI
Putting it all together – creating a functional IAM user with the AWS CLI
Summary
Questions
Further reading
4
Chapter 3: IAM User Management
Chapter 3: IAM User Management
Technical requirements
What is an IAM user account?
Managing and securing root IAM user accounts
Managing and securing IAM user accounts
Managing federated user accounts
Summary
Questions
5
Chapter 4: Access Management, Policies, and Permissions
Chapter 4: Access Management, Policies, and Permissions
Technical requirements
What is access management?
Introducing the AWS access policy types
The anatomy of an AWS JSON policy document
Exploring the AWS policy types
Policy evaluation
Governance
Summary
Questions
Further reading
6
Chapter 5: Introducing Amazon Cognito
Chapter 5: Introducing Amazon Cognito
Technical requirements
What is Amazon Cognito?
Amazon Cognito use cases
Creating an Amazon Cognito user pool
Exploring the hosted UI
Creating an Amazon Cognito identity pool
Summary
Questions
7
Chapter 6: Introduction to AWS Organizations and AWS Single Sign-On
Chapter 6: Introduction to AWS Organizations and AWS Single Sign-On
Technical requirements
What is AWS SSO?
AWS Organizations
Configuring AWS SSO in the Management Console
Configuring AWS SSO from the CLI
Summary
Questions
Further reading
8
Chapter 7: Other AWS Identity Services
Chapter 7: Other AWS Identity Services
Technical requirements
Understanding AWS Directory Service
Encryption and secrets management
Logging and auditing
Summary
Questions
Further reading
9
Section 2: Implementing IAM on AWS for Administrative Use Cases
Section 2: Implementing IAM on AWS for Administrative Use Cases
10
Chapter 8: An Ounce of Prevention – Planning Your Administrative Model
Chapter 8: An Ounce of Prevention – Planning Your Administrative Model
Technical requirements
Evaluating the organization's current IAM capabilities
Evaluating the business structure and account schema
Designing the AWS organizational structure
Summary
Questions
Further reading
11
Chapter 9: Bringing Your Admins into the AWS Administrative Backplane
Chapter 9: Bringing Your Admins into the AWS Administrative Backplane
Technical requirements
Defining our organization's identity source
Provisioning administrative accounts in AWS – account linking
Provisioning administrative accounts in AWS – SCIM provisioning
Summary
Questions
Further reading
Code samples
12
Chapter 10: Administrative Single Sign-On to the AWS Backplane
Chapter 10: Administrative Single Sign-On to the AWS Backplane
Technical requirements
Why use federation for AWS administrators?
Assigning access to AWS accounts
Implementing fine-grained access management for administrators
Administrative SSO using the AWS CLI
Summary
Questions
Further reading
13
Section 3: Implementing IAM on AWS for Application Use Cases
Section 3: Implementing IAM on AWS for Application Use Cases
14
Chapter 11: Bringing Your Users into AWS
chevron up
Chapter 11: Bringing Your Users into AWS
Technical requirements
Distinguishing administrative users from non-administrative users
Solutions to non-administrative user use cases for apps on AWS
Using Managed AD and trusts
Creating the trust between AWS Managed AD and on-premises AD
Summary
Questions
Further reading
15
Chapter 12: AWS-Hosted Application Single Sign-On Using an Existing Identity Provider
Chapter 12: AWS-Hosted Application Single Sign-On Using an Existing Identity Provider
Technical requirements
Defining the use case and solution architecture
Creating a user pool
Connecting Amazon Cognito to an external IdP – SAML
Connecting Amazon Cognito to an external IdP – OIDC
Assuming roles with identity pools
Summary
Questions
Further reading
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Distinguishing administrative users from non-administrative users

We already have a connection to our AWS accounts via AWS SSO and our external IDP for the user accounts that are entitled to access our AWS environments. However, what can we do to ensure that all user accounts are available to applications in AWS, even if the users never need administrative access to an AWS account? To answer that question, first, we need to clarify how we define each of these types of accounts. In the broadest terms, administrative accounts are accounts that have enhanced permissions to modify system settings, create other accounts, and change the permissions for what other accounts can do. For our Redbeard Identity AWS use case, we classified administrative accounts as those accounts that had access to and could manipulate resources within an AWS account. We made distinctions as to where a given user had their administrative privileges via group memberships to specific accounts and permission sets...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 3
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete