Advanced Identity Flashcards
What functionality does the Security Token Service provide?
Allows you to create temporary, limited-privilege credentials to access your AWS resources.
What is AWS Cognito?
Identity handling and SSO for web and mobile applications, scaling up to millions of users.
Why use Cognito over IAM?
IAM is meant for the people who handle the underlying AWS resources or systems, i.e. those creating and maintaining the service.
This is different to allowing people to use the service.
E.g. I don’t need to see the provisioning/coding/resources behind Netflix, but I do want to be able to log in and use the service.
What is AWS Directory Services?
A service that allows you to standardise your login credentials across many different systems seamlessly.
Only works for on-premises systems.
What does AWS IAM Identity Center allow you to do? How is it different to AWS Directory Services?
Allows one login for all your AWS accounts and business cloud applications. Can use the built-in IAM Identity Center option or do this using OneLogin, Okta or Active Directory.
Essentially allows SSO in your AWS accounts.
Not for on-premises systems; that is where Directory Services would be used.
What type of Active Directory is the most expensive but also the most feature rich?
Microsoft Active Directory