All About Identity at Amazon Web Services, Plus What Are We Still Missing?
Session Topic: All About Identity at Amazon Web Services
Convener: Ian Wesley-Smith
Notes-taker(s): Ian Wesley-Smith
- Check out our best practices for users and permissions: http://
- Question on Federating with University via SAML (Nathan from UW)
  - Not possible currently; you can write a proxy and use GetFederationToken (http://
- Discussed STS (http://docs.aws.amazon.com/STS/latest/APIReference/
- AssumeRole (http://docs.aws.amazon.com/STS/latest/APIReference/
- Should I use AssumeRole or Federated Users?
  - We suggest roles unless you have a special authorization requirement
- Can you assume multiple roles at the same time?
- Do you support MFA? Yes: http://aws.amazon.com/mfa/
- How are root accounts and IAM users related?
- Cross-account Access? http://aws.amazon.com/about-aws/whats-new/2012/11/
- We have a cloud HSM http://aws.amazon.com/cloudhsm/
- What certifications do we have? https://aws.amazon.com/security/
- Consolidated billing: http://docs.aws.amazon.com/awsaccountbilling/latest/
- Discussion about what federation technologies customers would like to see
  - OpenID Connect Support
  - SAML Support