In this video, you will understand the various ways you can federate external users with your AWS account. External users can come from on-premises authentication stores like Microsoft Active Directory, other AWS accounts, or any web identity provider that supports Security Assertion Markup Language (SAML). You will see federation in action as we simulate federating with a local Active Directory authentication store using the AWS Directory Service.
- [Voiceover] Allowing external users to access resources in your AWS account is an important concept to internalize. If you have any on-site systems today you may want to grant people from your existing authentication store delegated access to your AWS account. Let's explore how to set up federated access. Federated, meaning externally authenticated, users can come from a variety of sources. External entities you may want to federate with include: on-premises authentication sources you operate like a local Microsoft Active Directory; other AWS accounts you own; or from web identity providers such as Facebook, Google, or any provider that supports OpenID Connect as an authentication protocol.
Let's look at a typical use case where federated authentication applies. Allison is a corporate domain administrator. Every day she authenticates to her line of business systems using Microsoft Active Directory. As part of its cloud strategy, her company has started using resources in AWS and Allison will need to be able to manage them.
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor