Advanced Identity Flashcards
AWS STS (Security Token Service)
Enables you to create temporary, limited-privilege credentials to access your AWS resources.
• Short-term credentials: you configure the expiration period
Use cases
• Identity federation
• IAM Roles for cross/same account access
• IAM Roles for Amazon EC2
Amazon Cognito
• Identity for your web and mobile application users (potentially millions)
• Instead of creating an IAM user for each of them, you create a user in Cognito
What is Microsoft Active Directory (AD)?
It’s a way for you to manage users, computers, printers, and so on, usually within an on-premises system.
• Database of objects
• Centralized security management: create accounts, assign permissions
AWS Directory Services
Enables your directory-aware workloads and AWS resources to use managed Active Directory (AD) in AWS.
AWS IAM Identity Center
Centrally manage Single Sign-On to access multiple accounts and 3rd-party business applications.
• Integrated with AWS Organizations
• Supports SAML 2.0
• Integration with on-premises Active Directory
Advanced Identity - Summary
IAM
• Identity and Access Management inside your AWS account
• For users that you trust and belong to your company
• Organizations: manage multiple AWS accounts
• Security Token Service (STS): temporary, limited-privilege credentials to access AWS resources
• Cognito: create a database of users for your mobile & web applications
• Directory Services: integrate Microsoft Active Directory in AWS
• AWS IAM Identity Center: one login for multiple AWS accounts & applications