Learn about the various ways you can federate external users with your AWS account. External users can come from on-premises authentication stores like Microsoft Active Directory, other AWS accounts, or any web identity provider that supports Security Assertion Markup Language (SAML). See an example of federation in action as we simulate federating with a local Active Directory authentication store using the AWS Directory Service.
- [Instructor] Allowing external users to access resources in your AWS account is an important concept to internalize. If you have any on-site systems today, you may want to grant people from your existing authentication store delegated access to your AWS account. Let's explore how to set up federated access. Federated, meaning externally authenticated, users can come from a variety of sources. External entities you may want to federate with include on-premises authentication sources you operate like a local Microsoft Active Directory, other AWS accounts you own, or from web identity providers, such as Facebook, Google, or any provider that supports OpenID Connect as an authentication protocol.
Let's look at a typical use case where federated authentication applies. Alison is a corporate domain Administrator. Every day she authenticates to her line of business systems using Microsoft Active Directory. As part of its cloud strategy, her company has started using resources in AWS and Alison will need to be able to manage them.
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Management (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- Summarize the AWS Shared Responsibility Model.
- Recall how to implement separation of duties.
- Differentiate between assigning permissions to an individual versus a group.
- Summarize how to create IAM roles.
- Describe how to secure financial access.
- Recall the steps for managing access to S3 with IAM.
- Cite the advantages of a pre-signed URL.