Bring Your Own Identities – Federating Access to Your AWS
Environment
Zaher Dannawi
Senior Product Manager
Identity and Access Management
Agenda
• What is delegation?
• What are the scenarios?
• How does it work?
• Q&A
What is federation?
• Delegation
– Provide users in other AWS accounts access to resources in your AWS account
• Federation
– Provide users in other identity stores access to resources in your AWS account
Common Use Cases
Delegate to other AWS accounts
• To your team member
• To another team
• To third party software
• To an AWS service
• To an EC2 instance
Federate with other identity stores
• Users in your corporate directory
– e.g. Active Directory, Google
• Users authenticated by a web identity provider
– e.g. Login With Amazon, Facebook
Sessions 101
• Allow temporary access to your AWS account
• Are generated by the AWS Security Token Service (STS)
• Include temporary security credentials that are used to make API calls to AWS services
Requesting a Session
Start by requesting a session from AWS STS. A session consists of an Access Key Id, a Secret Access Key, an Expiration, and a Session Token.
What’s in a Session?
• Use the keys to sign AWS service API requests
• Use the token as an additional parameter for every API request
Together these four values are the temporary security credentials.
Multiple Ways to Get Sessions
• Self-sessions (GetSessionToken)
• Federated sessions (GetFederationToken)
• Assumed-role sessions
– AssumeRole
– AssumeRoleWithSAML
– AssumeRoleWithWebIdentity
Sessions Expire
Expiration varies based on token type [Min / Max / Default]:
• Self (Account): 15 min / 60 min / 60 min
• Self (IAM User): 15 min / 36 hrs / 12 hrs
• Federated: 15 min / 36 hrs / 12 hrs
• Assumed-role: 15 min / 60 min / 60 min
Use caching to improve your application performance.
New in July 2016: federated console duration is now 12 hours.
DEMO #1 – AWS Console Single Sign-on (Active Directory)
Log into the console without a user name and password!
Wait… what just happened?
1. Logged into my Windows instance with AD credentials
2. Hit an intranet website
3. Chose the “role” I wanted to play in AWS
4. Auto-magically signed in to the console
AWS Console Federation Walkthrough (AssumeRole)
Diagram. Customer (IdP) side: browser interface, corporate directory, federation proxy. AWS Cloud (Relying Party) side: AWS Management Console. Numbered steps recovered from the figure:
1. Browse to URL
2–3. (no label recovered)
4. ListRoles request
5. ListRoles response
6. Create combo box
7. AssumeRole request
8. AssumeRole response: temp credentials (access key, secret key, session token)
9. Generate URL
10. Redirect to console
Federation proxy
• Uses a set of IAM user credentials to make AssumeRoleRequest()
• IAM user permissions only need to be able to call ListRoles & assume role
• Proxy needs to securely store these credentials
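Steps 8 to 10 of the walkthrough above (temporary credentials from AssumeRole, generate the sign-in URL, redirect to the console), as an added example that is not the deck's or the AWS sample's code. The federation endpoint and its getSigninToken/login actions are the documented AWS sign-in endpoint; the credential values, account id, role-name prefix and intranet issuer URL are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"

# Least-privilege policy for the proxy's IAM user, matching the deck's note
# that it only needs ListRoles and AssumeRole. Constructed: the account id is
# a placeholder and the "Federated-" role-name prefix is an assumption.
PROXY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iam:ListRoles", "Resource": "*"},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Resource": "arn:aws:iam::123456789012:role/Federated-*"},
    ],
}


def signin_token_url(creds, session_duration=None):
    """Step 9: build the getSigninToken request from the AssumeRole output.
    `creds` is the Credentials dict STS returns (AccessKeyId, SecretAccessKey,
    SessionToken). SessionDuration (seconds) sets the console session length,
    the value the deck's July 2016 note about 12-hour federated consoles refers to."""
    session = json.dumps({
        "sessionId": creds["AccessKeyId"],
        "sessionKey": creds["SecretAccessKey"],
        "sessionToken": creds["SessionToken"],
    })
    params = {"Action": "getSigninToken", "Session": session}
    if session_duration is not None:
        params["SessionDuration"] = str(session_duration)
    return FEDERATION_ENDPOINT + "?" + urllib.parse.urlencode(params)


def login_url(signin_token, destination, issuer):
    """Step 10: the URL the proxy redirects the browser to. Issuer is where the
    console sends the user back when the session expires."""
    params = {"Action": "login", "Issuer": issuer,
              "Destination": destination, "SigninToken": signin_token}
    return FEDERATION_ENDPOINT + "?" + urllib.parse.urlencode(params)


def query_params(url):
    """Helper for inspecting the URLs built above (single-valued query keys)."""
    query = urllib.parse.urlparse(url).query
    return {k: v[0] for k, v in urllib.parse.parse_qs(query).items()}


def fetch_signin_token(url):
    """Network step: exchange the temporary credentials for a SigninToken."""
    with urllib.request.urlopen(url) as response:
        return json.loads(response.read().decode())["SigninToken"]


def console_url_for(creds, destination="https://console.aws.amazon.com/",
                    issuer="https://intranet.example.com/aws-federation",
                    session_duration=None):
    """Steps 8 to 10 end to end; only this function touches the network."""
    token = fetch_signin_token(signin_token_url(creds, session_duration))
    return login_url(token, destination, issuer)
```

The SigninToken, like the credentials behind it, is bearer material: the proxy should hand the login URL only to the authenticated browser over HTTPS and never log it.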
Console Federation using SAML (AssumeRoleWithSAML)
Diagram. Enterprise (Identity Provider) side: browser interface, corporate identity store, identity provider. AWS (Service Provider) side: AWS Sign-in, AWS Management Console. Numbered steps recovered from the figure:
1. User browses to identity provider
2. Receives AuthN response
3. Post to Sign-In, passing AuthN response
4. (no label recovered)
5. Redirect client
AWS API Federation Walkthrough (GetFederationToken)
Diagram. Customer (Identity Provider) side: user, application, Active Directory, federation proxy. AWS Cloud (Relying Party) side: AWS resources (S3 bucket with objects, Amazon DynamoDB, Amazon EC2). Numbered steps recovered from the figure:
1. Request session
2–3. (no label recovered)
4. GetFederationToken request
5. GetFederationToken response: access key, secret key, session token
6. Receive session
7. Call AWS APIs
Federation proxy
• Uses a set of IAM user credentials to make a GetFederationTokenRequest()
• IAM user permissions need to be the union of all federated user permissions
• Proxy needs to securely store these privileged credentials
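The walkthrough above notes that the proxy's IAM user holds the union of every federated user's permissions. As an added example (not the deck's or the AWS sample's code) this shows what the proxy should do with that privilege: pass a per-user Policy to GetFederationToken so each session gets only the intersection of the proxy user's permissions and that policy, and keep DurationSeconds inside the 15 min / 36 hr bounds the deck lists for federated sessions. The STS call and its Name/Policy/DurationSeconds parameters are real; the bucket, table and user names are constructed placeholders.

```python
import json
import re

# Bounds from the deck's expiry table for federated sessions.
FEDERATED_MIN_SECONDS = 15 * 60
FEDERATED_MAX_SECONDS = 36 * 60 * 60
FEDERATED_DEFAULT_SECONDS = 12 * 60 * 60
# GetFederationToken's Name: 2-32 chars, alphanumerics plus _ + = , . @ -
NAME_RE = re.compile(r"^[\w+=,.@-]{2,32}$")


def scoped_policy(user, bucket="example-app-data", table="example-user-profiles"):
    """Per-user session policy: only the user's own S3 prefix and own DynamoDB
    partition key. Whatever the proxy user may do beyond this is denied for
    the session, so one leaked session cannot reach another user's data."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"arn:aws:s3:::{bucket}/home/{user}/*"},
            {"Effect": "Allow",
             "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}",
             "Condition": {"StringLike": {"s3:prefix": [f"home/{user}/*"]}}},
            {"Effect": "Allow",
             "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
             "Resource": f"arn:aws:dynamodb:*:*:table/{table}",
             "Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [user]}}},
        ],
    }


def federation_request(user, duration_seconds=FEDERATED_DEFAULT_SECONDS):
    """Validate the inputs and build the GetFederationToken parameters."""
    if not NAME_RE.match(user):
        raise ValueError("federated user name must be 2-32 chars of [A-Za-z0-9_+=,.@-]")
    if not FEDERATED_MIN_SECONDS <= duration_seconds <= FEDERATED_MAX_SECONDS:
        raise ValueError("federated session duration must be between 15 min and 36 hrs")
    return {"Name": user,
            "Policy": json.dumps(scoped_policy(user)),
            "DurationSeconds": duration_seconds}


def get_federated_credentials(user, duration_seconds=FEDERATED_DEFAULT_SECONDS):
    """Network step (step 4/5 of the walkthrough): the proxy calls STS with its
    own securely stored IAM user credentials, read via boto3's credential chain."""
    import boto3
    sts = boto3.client("sts")
    return sts.get_federation_token(**federation_request(user, duration_seconds))["Credentials"]
```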
Partners
Web Identity Federation (AssumeRoleWithWebIdentity)
Diagram. Mobile app, web identity provider, and AWS Cloud (regions US-EAST-1, EU-WEST-1, AP-SOUTHEAST-1) with IAM and AWS services (Amazon DynamoDB, S3, EC2 instances). Numbered steps recovered from the figure:
1. Authenticate user
2. Id token
3. (no label recovered)
4. Token verification
5. Check policy
6–7. (no label recovered)
Amazon Cognito: user sign-in and sign-up for mobile/web apps via social authentication, SAML, custom identities.
Summary
• Proxy-based Federation – GetFederationToken and AssumeRole
• SAML-based Federation – AssumeRoleWithSAML
– ADFS
– Shibboleth
• Web Identity Federation – AssumeRoleWithWebIdentity
– Login with Amazon, Facebook, Google
– Amazon Cognito
DEMO #2 – Federated Access to AWS CLI (Active Directory)
What just happened?
1. Logged into my Windows desktop
2. Opened terminal
3. Utility obtained temporary security credentials
4. Accessed AWS services via CLI
What just happened? – Code Snippets

    # Use the assertion to get an AWS STS token using AssumeRoleWithSAML.
    # No AWS credentials are configured for this call: the SAML assertion
    # itself authenticates the request.
    import boto.sts
    conn = boto.sts.connect_to_region(region)
    token = conn.assume_role_with_saml(role_arn, principal_arn, assertion)

What’s Happening: Call the standard AWS STS service to request AWS temporary security credentials

    import requests
    from requests_ntlm import HttpNtlmAuth

    # Initiate session handler
    session = requests.Session()

    # Programmatically get the SAML assertion:
    # set up the NTLM authentication handler using the provided credentials
    session.auth = HttpNtlmAuth(username, password, session)

    # Open the initial AD FS URL and follow all of the HTTP 302 redirects
    response = session.get(idpentryurl, verify=sslverification)

    # Debug the response if needed
    # print(response.text)

What’s Happening: Assemble the authentication information (username, password) and formulate the HTTPS request to the IdP

    import base64
    import xml.etree.ElementTree as ET

    # Parse the returned assertion and extract the authorized roles
    awsroles = []
    root = ET.fromstring(base64.b64decode(assertion))
    for saml2attribute in root.iter('{urn:oasis:names:tc:SAML:2.0:assertion}Attribute'):
        if saml2attribute.get('Name') == 'https://aws.amazon.com/SAML/Attributes/Role':
            for saml2attributevalue in saml2attribute.iter('{urn:oasis:names:tc:SAML:2.0:assertion}AttributeValue'):
                awsroles.append(saml2attributevalue.text)
What’s Happening: Iterate through the IdP response tags until it finds one named SAMLResponse.
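A fuller version of the role-parsing snippet above and of the step Demo #2 describes (the utility obtaining temporary credentials for the CLI), added here as an example that is not the deck's or the AWS blog sample's code: it parses a constructed SAML assertion, normalises the role/provider ARN order, rejects an assertion whose validity window has passed (the "sessions expire" point), reads SessionDuration, and merges AssumeRoleWithSAML credentials into AWS CLI credentials-file text. The SAML namespace, the Role and SessionDuration attribute names and the credentials-file keys are real; all ARNs, the assertion and the credential values are constructed.

```python
import base64
import configparser
import io
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
DURATION_ATTR = "https://aws.amazon.com/SAML/Attributes/SessionDuration"

# Constructed, unsigned assertion standing in for what AD FS returns: two
# roles (one value lists the provider ARN first, the other the role ARN
# first), a 4-hour SessionDuration and a NotOnOrAfter condition.
SAMPLE_ASSERTION_XML = f"""<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Conditions NotOnOrAfter="2016-07-01T12:05:00Z"/>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="{ROLE_ATTR}">
      <saml2:AttributeValue>arn:aws:iam::123456789012:role/ADFS-Admin,arn:aws:iam::123456789012:saml-provider/ADFS</saml2:AttributeValue>
      <saml2:AttributeValue>arn:aws:iam::123456789012:saml-provider/ADFS,arn:aws:iam::123456789012:role/ADFS-ReadOnly</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="{DURATION_ATTR}">
      <saml2:AttributeValue>14400</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""
SAMPLE_ASSERTION_B64 = base64.b64encode(SAMPLE_ASSERTION_XML.encode()).decode()


def parse_utc(timestamp):
    """SAML timestamps are UTC with a trailing Z."""
    return datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def split_role_value(value):
    """A Role attribute value is 'arn1,arn2'. IdPs differ on whether the role
    or the SAML provider ARN comes first, so decide by ARN type, not position."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 2:
        raise ValueError(f"malformed Role attribute value: {value!r}")
    if ":saml-provider/" in parts[0]:
        principal_arn, role_arn = parts
    else:
        role_arn, principal_arn = parts
    return role_arn, principal_arn


def parse_assertion(assertion_b64, now=None):
    """Return ([(role_arn, principal_arn), ...], session_duration_or_None).
    Raises ValueError once NotOnOrAfter has passed; STS would reject such an
    assertion anyway, but checking locally gives the user a clear message."""
    root = ET.fromstring(base64.b64decode(assertion_b64))
    conditions = root.find(f"{SAML_NS}Conditions")
    if conditions is not None and conditions.get("NotOnOrAfter"):
        expiry = parse_utc(conditions.get("NotOnOrAfter"))
        if (now or datetime.now(timezone.utc)) >= expiry:
            raise ValueError("SAML assertion has expired; re-authenticate to the IdP")
    roles, duration = [], None
    for attribute in root.iter(f"{SAML_NS}Attribute"):
        values = [v.text.strip() for v in attribute.iter(f"{SAML_NS}AttributeValue") if v.text]
        if attribute.get("Name") == ROLE_ATTR:
            roles.extend(split_role_value(v) for v in values)
        elif attribute.get("Name") == DURATION_ATTR and values:
            duration = int(values[0])
    return roles, duration


def write_cli_profile(existing_ini, creds, profile="saml", region="us-east-1"):
    """Merge AssumeRoleWithSAML credentials into AWS CLI credentials-file text
    under a named profile, leaving other profiles untouched. `creds` carries
    the AccessKeyId/SecretAccessKey/SessionToken/Expiration keys STS returns."""
    config = configparser.ConfigParser(interpolation=None)
    config.read_string(existing_ini)
    if not config.has_section(profile):
        config.add_section(profile)
    config.set(profile, "output", "json")
    config.set(profile, "region", region)
    config.set(profile, "aws_access_key_id", creds["AccessKeyId"])
    config.set(profile, "aws_secret_access_key", creds["SecretAccessKey"])
    config.set(profile, "aws_session_token", creds["SessionToken"])
    # Not read by the CLI; recorded so the utility knows when to re-federate.
    config.set(profile, "expiration", str(creds["Expiration"]))
    buffer = io.StringIO()
    config.write(buffer)
    return buffer.getvalue()
```

The returned text is what the utility writes back to ~/.aws/credentials; the CLI then uses it with --profile saml until the Expiration the deck's table bounds.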
Q&A
Links
• Twitter @AWSIdentity
• AWS Security Blog http://bit.ly/1n1z1QL
• IAM Details Page http://amzn.to/1lPyQs9
• IAM Forums http://bit.ly/1p2Ip6M
• API federation sample http://amzn.to/11AFKtS
• Console federation sample http://amzn.to/1vlBZ6N
aws.amazon.com/activate
Everything and Anything Startups Need to Get Started on AWS

 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lodhisaajjda
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Baileyhlharris
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...ZurliaSoop
 
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityUnlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityHung Le
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIINhPhngng3
 
BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx
BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptxBEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx
BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptxthusosetemere
 
Call Girls Near The Byke Suraj Plaza Mumbai »¡¡ 07506202331¡¡« R.K. Mumbai
Call Girls Near The Byke Suraj Plaza Mumbai »¡¡ 07506202331¡¡« R.K. MumbaiCall Girls Near The Byke Suraj Plaza Mumbai »¡¡ 07506202331¡¡« R.K. Mumbai
Call Girls Near The Byke Suraj Plaza Mumbai »¡¡ 07506202331¡¡« R.K. MumbaiPriya Reddy
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfSkillCertProExams
 
History of Morena Moshoeshoe birth death
History of Morena Moshoeshoe birth deathHistory of Morena Moshoeshoe birth death
History of Morena Moshoeshoe birth deathphntsoaki
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatmentnswingard
 
LITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORN
LITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORNLITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORN
LITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORNtntlai16
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalFabian de Rijk
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...David Celestin
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoKayode Fayemi
 
Zone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptxZone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptxlionnarsimharajumjf
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfMahamudul Hasan
 

Kürzlich hochgeladen (20)

Lions New Portal from Narsimha Raju Dichpally 320D.pptx
Lions New Portal from Narsimha Raju Dichpally 320D.pptxLions New Portal from Narsimha Raju Dichpally 320D.pptx
Lions New Portal from Narsimha Raju Dichpally 320D.pptx
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
 
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityUnlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx
BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptxBEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx
BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx
 
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait Cityin kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
 
Call Girls Near The Byke Suraj Plaza Mumbai »¡¡ 07506202331¡¡« R.K. Mumbai
Call Girls Near The Byke Suraj Plaza Mumbai »¡¡ 07506202331¡¡« R.K. MumbaiCall Girls Near The Byke Suraj Plaza Mumbai »¡¡ 07506202331¡¡« R.K. Mumbai
Call Girls Near The Byke Suraj Plaza Mumbai »¡¡ 07506202331¡¡« R.K. Mumbai
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
History of Morena Moshoeshoe birth death
History of Morena Moshoeshoe birth deathHistory of Morena Moshoeshoe birth death
History of Morena Moshoeshoe birth death
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
LITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORN
LITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORNLITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORN
LITTLE ABOUT LESOTHO FROM THE TIME MOSHOESHOE THE FIRST WAS BORN
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
Zone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptxZone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptx
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
 

Federation

  • 1. Bring Your Own Identities – Federating Access to Your AWS Environment
    Zaher Dannawi, Senior Product Manager, Identity and Access Management
  • 2. Agenda
    • What is delegation?
    • What are the scenarios?
    • How does it work?
    • Q&A
  • 3. What is federation?
    • Delegation – Provide users in other AWS accounts access to resources in your AWS account
    • Federation – Provide users in other identity stores access to resources in your AWS account
  • 4. Common Use Cases
    Delegate to other AWS accounts
    • To your team member
    • To another team
    • To third party software
    • To an AWS service
    • To an EC2 instance
    Federate with other identity stores
    • Users in your corporate directory – e.g. Active Directory, Google
    • Users authenticated by a web identity provider – e.g. Login With Amazon, Facebook
  • 5. Sessions 101
    • Allow temporary access to your AWS account
    • Are generated by the AWS Security Token Service (STS)
    • Include temporary security credentials that are used to make API calls to AWS services
  • 6. Requesting a Session
    Start by requesting a session from AWS STS. A session contains: Access Key Id, Secret Access Key, Expiration, Session Token.
  • 7. What’s in a Session?
    Temporary security credentials: Access Key Id, Secret Access Key, Expiration, Session Token.
    Use the keys to sign AWS service API requests; use the token as an additional parameter for every API request.
  • 8. Multiple Ways to Get Sessions
    • Self-sessions (GetSessionToken)
    • Federated sessions (GetFederationToken)
    • Assumed-role sessions
      – AssumeRole
      – AssumeRoleWithSAML
      – AssumeRoleWithWebIdentity
  • 9. Sessions Expire
    Expiration varies based on token type [Min / Max / Default]:
    • Self (Account) [15 min / 60 min / 60 min]
    • Self (IAM User) [15 min / 36 hrs / 12 hrs]
    • Federated [15 min / 36 hrs / 12 hrs]
    • Assumed-role [15 min / 60 min / 60 min]
    Use caching to improve your application performance.
    New in July 2016: Federated console duration now 12 hours
  • 10. DEMO #1 – AWS Console Single Sign-on (Active Directory)
    Log into the console without a user name and password!
  • 11.
  • 12. Wait… what just happened?
    1. Logged into my Windows instance with AD credentials
    2. Hit an intranet website
    3. Chose the “role” I wanted to play in AWS
    4. Auto-magically signed in to the console
  • 13. AWS Console Federation Walkthrough (AssumeRole)
    Diagram: Customer (IdP) side – browser interface, corporate directory, federation proxy; AWS Cloud (Relying Party) side – AWS Management Console.
    Labelled steps: 1 Browse to URL · 4 ListRoles request · 5 ListRoles response · 6 Create combo box · 7 AssumeRole request · 8 AssumeRole response with temporary credentials (Access Key, Secret Key, Session Token) · 9 Generate URL · 10 Redirect to Console (steps 2 and 3 carry no label in the slide text).
    Federation proxy:
    • Uses a set of IAM user credentials to make AssumeRoleRequest()
    • IAM user permissions only need to be able to call ListRoles & assume role
    • Proxy needs to securely store these credentials
  • 14. Console Federation using SAML (AssumeRoleWithSAML)
    Diagram: Enterprise (Identity Provider) side – browser interface, corporate identity store, identity provider; AWS (Service Provider) side – AWS Sign-in, AWS Management Console.
    Labelled steps: 1 User browses to identity provider · receives AuthN response · Post to AWS Sign-In passing the AuthN response · 5 Redirect client to the AWS Management Console.
  • 15. AWS API Federation Walkthrough (GetFederationToken)
    Diagram: Customer (Identity Provider) side – user, application, Active Directory, federation proxy; AWS Cloud (Relying Party) side – AWS resources (S3 bucket with objects, Amazon DynamoDB, Amazon EC2).
    Labelled steps: 1 Request Session · 4 GetFederationToken request · 5 GetFederationToken response (Access Key, Secret Key, Session Token) · 6 Receive Session · 7 Call AWS APIs (steps 2 and 3 carry no label in the slide text).
    Federation proxy:
    • Uses a set of IAM user credentials to make a GetFederationTokenRequest()
    • IAM user permissions need to be the union of all federated user permissions
    • Proxy needs to securely store these privileged credentials
  • 17. Web Identity Federation (AssumeRoleWithWebIdentity)
    Diagram: mobile app, web identity provider, and AWS Cloud (regions US-EAST-1, EU-WEST-1, AP-SOUTHEAST-1) with IAM, EC2 instances and AWS services (Amazon DynamoDB, S3).
    Labelled steps: 1 Authenticate User · 2 Id Token · 4 Token Verification · 5 Check Policy (steps 3, 6 and 7 carry no label in the slide text).
    Amazon Cognito: user sign-in and sign-up for mobile/web apps via social authentication, SAML, custom identities.
  • 18. Summary
    • Proxy-based Federation – GetFederationToken and AssumeRole
    • SAML-based Federation – AssumeRoleWithSAML
      – ADFS
      – Shibboleth
    • Web Identity Federation – AssumeRoleWithWebIdentity
      – Login with Amazon, Facebook, Google
      – Amazon Cognito
  • 19. DEMO #2 – Federated Access to AWS CLI (Active Directory)
  • 20.
  • 21. What just happened?
    1. Logged into my Windows desktop
    2. Opened terminal
    3. Utility obtained temporary security credentials
    4. Accessed AWS services via CLI
  • 22. What just happened? – Code Snippets

        import requests
        from requests_ntlm import HttpNtlmAuth

        # Initiate session handler
        session = requests.Session()

        # Programmatically get the SAML assertion
        # Set up the NTLM authentication handler by using the provided credentials
        session.auth = HttpNtlmAuth(username, password, session)

        # Open the initial AD FS URL and follow all of the HTTP 302 redirects
        response = session.get(idpentryurl, verify=sslverification)

        # Debug the response if needed
        # print(response.text)

    What’s Happening: Assemble the authentication information (username, password) and formulate the HTTPS request to the IdP

        import base64
        import xml.etree.ElementTree as ET

        # Parse the returned assertion and extract the authorized roles
        awsroles = []
        root = ET.fromstring(base64.b64decode(assertion))
        for saml2attribute in root.iter('{urn:oasis:names:tc:SAML:2.0:assertion}Attribute'):
            if saml2attribute.get('Name') == 'https://aws.amazon.com/SAML/Attributes/Role':
                for saml2attributevalue in saml2attribute.iter('{urn:oasis:names:tc:SAML:2.0:assertion}AttributeValue'):
                    awsroles.append(saml2attributevalue.text)

    What’s Happening: Iterate through the IdP response tags until it finds one named SAMLResponse.

        import boto.sts

        # Use the assertion to get an AWS STS token using AssumeRoleWithSAML
        conn = boto.sts.connect_to_region(region)
        token = conn.assume_role_with_saml(role_arn, principal_arn, assertion)

    What’s Happening: Call the standard AWS STS service to request AWS temporary security credentials
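The client-side part of slides 21 and 22 as an added example, not code from the deck or from the AWS sample it quotes: pull the SAMLResponse out of the IdP's HTML form (the step the last caption describes), decode it, and extract the role/provider ARN pairs that AssumeRoleWithSAML needs, rejecting malformed values. The IdP page shape, account ID and ARNs are constructed here; tolerating a provider-first pair order is an assumption about some IdP configurations, not something the deck states.

```python
import base64
from html.parser import HTMLParser
import xml.etree.ElementTree as ET

SAML_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"


class _SamlResponseFinder(HTMLParser):
    # Collects the value of every <input name="SAMLResponse"> in the IdP's HTML page.
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == "SAMLResponse" and a.get("value"):
            self.values.append(a["value"])


def extract_saml_response(html):
    """Return the base64 SAMLResponse posted back by the IdP, or None if absent."""
    finder = _SamlResponseFinder()
    finder.feed(html)
    return finder.values[0] if finder.values else None


def extract_role_pairs(saml_response_b64):
    """Return (role_arn, principal_arn) tuples from the assertion's Role attribute."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    pairs = []
    for attr in root.iter(SAML_NS + "Attribute"):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iter(SAML_NS + "AttributeValue"):
            # AWS expects "role_arn,provider_arn"; reject anything that is not such a pair
            chunks = [c.strip() for c in (value.text or "").split(",")]
            if len(chunks) != 2 or not any(":saml-provider/" in c for c in chunks):
                raise ValueError("malformed Role attribute value: %r" % value.text)
            if ":saml-provider/" in chunks[0]:
                chunks.reverse()  # assumption: some IdPs write the pair provider-first
            pairs.append((chunks[0], chunks[1]))
    return pairs


# Constructed sample (not a real IdP response): one assertion with two role
# mappings, the second written provider-first.
_SAMPLE_XML = (
    '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml2:AttributeStatement>'
    '<saml2:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">'
    '<saml2:AttributeValue>arn:aws:iam::111122223333:role/ADFS-Admin,'
    'arn:aws:iam::111122223333:saml-provider/ADFS</saml2:AttributeValue>'
    '<saml2:AttributeValue>arn:aws:iam::111122223333:saml-provider/ADFS,'
    'arn:aws:iam::111122223333:role/ADFS-ReadOnly</saml2:AttributeValue>'
    '</saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>'
)
SAMPLE_RESPONSE_B64 = base64.b64encode(_SAMPLE_XML.encode()).decode()
SAMPLE_IDP_HTML = ('<form method="post" action="https://signin.aws.amazon.com/saml">'
                   '<input type="hidden" name="SAMLResponse" value="%s"/></form>' % SAMPLE_RESPONSE_B64)
```

The pairs returned feed the role selection (the "combo box" of slide 13) and then `assume_role_with_saml(role_arn, principal_arn, assertion)` from the deck's snippet; a signature check of the assertion is STS's job, not the client's.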
  • 23. Q&A
  • 24. Links
    • Twitter @AWSIdentity
    • AWS Security Blog http://bit.ly/1n1z1QL
    • IAM Details Page http://amzn.to/1lPyQs9
    • IAM Forums http://bit.ly/1p2Ip6M
    • API federation sample http://amzn.to/11AFKtS
    • Console federation sample http://amzn.to/1vlBZ6N
  • 25. aws.amazon.com/activate – Everything and Anything Startups Need to Get Started on AWS