Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Implementing Identity Management on AWS
  • Toc
  • feedback
Implementing Identity Management on AWS

Implementing Identity Management on AWS

By : Lehtinen
4.2 (5)
close
Implementing Identity Management on AWS

Implementing Identity Management on AWS

4.2 (5)
By: Lehtinen

Overview of this book

AWS identity management offers a powerful yet complex array of native capabilities and connections to existing enterprise identity systems for administrative and application identity use cases. This book breaks down the complexities involved by adopting a use-case-driven approach that helps identity and cloud engineers understand how to use the right mix of native AWS capabilities and external IAM components to achieve the business and security outcomes they want. You will begin by learning about the IAM toolsets and paradigms within AWS. This will allow you to determine how to best leverage them for administrative control, extending workforce identities to the cloud, and using IAM toolsets and paradigms on an app deployed on AWS. Next, the book demonstrates how to extend your on-premise administrative IAM capabilities to the AWS backplane, as well as how to make your workforce identities available for AWS-deployed applications. In the concluding chapters, you’ll learn how to use the native identity services with applications deployed on AWS. By the end of this IAM Amazon Web Services book, you will be able to build enterprise-class solutions for administrative and application identity using AWS IAM tools and external identity systems.
Table of Contents (17 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools
Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools
Free Chapter
2
Chapter 1: An Introduction to IAM and AWS IAM Concepts
Chapter 1: An Introduction to IAM and AWS IAM Concepts
Technical requirements
Understanding IAM
Exploring AWS IAM
Putting it all together
Summary
Questions
3
Chapter 2: An Introduction to the AWS CLI
Chapter 2: An Introduction to the AWS CLI
Technical requirements
Exploring the AWS CLI basics
Using the AWS CLI
Putting it all together – creating a functional IAM user with the AWS CLI
Summary
Questions
Further reading
4
Chapter 3: IAM User Management
Chapter 3: IAM User Management
Technical requirements
What is an IAM user account?
Managing and securing root IAM user accounts
Managing and securing IAM user accounts
Managing federated user accounts
Summary
Questions
5
Chapter 4: Access Management, Policies, and Permissions
Chapter 4: Access Management, Policies, and Permissions
Technical requirements
What is access management?
Introducing the AWS access policy types
The anatomy of an AWS JSON policy document
Exploring the AWS policy types
Policy evaluation
Governance
Summary
Questions
Further reading
6
Chapter 5: Introducing Amazon Cognito
Chapter 5: Introducing Amazon Cognito
Technical requirements
What is Amazon Cognito?
Amazon Cognito use cases
Creating an Amazon Cognito user pool
Exploring the hosted UI
Creating an Amazon Cognito identity pool
Summary
Questions
7
Chapter 6: Introduction to AWS Organizations and AWS Single Sign-On
Chapter 6: Introduction to AWS Organizations and AWS Single Sign-On
Technical requirements
What is AWS SSO?
AWS Organizations
Configuring AWS SSO in the Management Console
Configuring AWS SSO from the CLI
Summary
Questions
Further reading
8
Chapter 7: Other AWS Identity Services
Chapter 7: Other AWS Identity Services
Technical requirements
Understanding AWS Directory Service
Encryption and secrets management
Logging and auditing
Summary
Questions
Further reading
9
Section 2: Implementing IAM on AWS for Administrative Use Cases
Section 2: Implementing IAM on AWS for Administrative Use Cases
10
Chapter 8: An Ounce of Prevention – Planning Your Administrative Model
Chapter 8: An Ounce of Prevention – Planning Your Administrative Model
Technical requirements
Evaluating the organization's current IAM capabilities
Evaluating the business structure and account schema
Designing the AWS organizational structure
Summary
Questions
Further reading
11
Chapter 9: Bringing Your Admins into the AWS Administrative Backplane
Chapter 9: Bringing Your Admins into the AWS Administrative Backplane
Technical requirements
Defining our organization's identity source
Provisioning administrative accounts in AWS – account linking
Provisioning administrative accounts in AWS – SCIM provisioning
Summary
Questions
Further reading
Code samples
12
Chapter 10: Administrative Single Sign-On to the AWS Backplane
Chapter 10: Administrative Single Sign-On to the AWS Backplane
Technical requirements
Why use federation for AWS administrators?
Assigning access to AWS accounts
Implementing fine-grained access management for administrators
Administrative SSO using the AWS CLI
Summary
Questions
Further reading
13
Section 3: Implementing IAM on AWS for Application Use Cases
Section 3: Implementing IAM on AWS for Application Use Cases
14
Chapter 11: Bringing Your Users into AWS
chevron up
Chapter 11: Bringing Your Users into AWS
Technical requirements
Distinguishing administrative users from non-administrative users
Solutions to non-administrative user use cases for apps on AWS
Using Managed AD and trusts
Creating the trust between AWS Managed AD and on-premises AD
Summary
Questions
Further reading
15
Chapter 12: AWS-Hosted Application Single Sign-On Using an Existing Identity Provider
Chapter 12: AWS-Hosted Application Single Sign-On Using an Existing Identity Provider
Technical requirements
Defining the use case and solution architecture
Creating a user pool
Connecting Amazon Cognito to an external IdP – SAML
Connecting Amazon Cognito to an external IdP – OIDC
Assuming roles with identity pools
Summary
Questions
Further reading
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Solutions to non-administrative user use cases for apps on AWS

Let's consider some of the solution architectures that are available to us when providing access to non-administrative user identity information to applications hosted within AWS. We will start with a baseline where we do not leverage any AWS services at all in order to access our user identities:

Figure 11.1 – An application directly integrated with an external IDP

In this configuration, the application, or its web server, is configured to operate as either a SAML service provider or an OpenID Connect (OIDC)-reliant party. Previously, we mentioned how services such as Amazon Cognito offer SDKs and code samples to facilitate application integration with those services. Standards bodies and open source communities offer similar plugins, SDKs, and web server modules that are designed to facilitate the adoption of standards-based identity protocols, such as SAML2 and OIDC. While this reduces...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 4
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete