Book Image

Implementing Identity Management on AWS

By : Jon Lehtinen
Book Image

Implementing Identity Management on AWS

By: Jon Lehtinen

Overview of this book

AWS identity management offers a powerful yet complex array of native capabilities and connections to existing enterprise identity systems for administrative and application identity use cases. This book breaks down the complexities involved by adopting a use-case-driven approach that helps identity and cloud engineers understand how to use the right mix of native AWS capabilities and external IAM components to achieve the business and security outcomes they want. You will begin by learning about the IAM toolsets and paradigms within AWS. This will allow you to determine how to best leverage them for administrative control, extending workforce identities to the cloud, and using IAM toolsets and paradigms on an app deployed on AWS. Next, the book demonstrates how to extend your on-premise administrative IAM capabilities to the AWS backplane, as well as how to make your workforce identities available for AWS-deployed applications. In the concluding chapters, you’ll learn how to use the native identity services with applications deployed on AWS. By the end of this IAM Amazon Web Services book, you will be able to build enterprise-class solutions for administrative and application identity using AWS IAM tools and external identity systems.

Related Content you might be interested in

Current Title:

Small book image
Implementing Identity Management on AWS
Jon Lehtinen
Oct, 2021 | 504 pages
Small book image
AWS Security Cookbook
Heartin Kanikathottu
Feb, 2020 | 440 pages
Small book image
Mastering AWS Security
Albert Anthony
Oct, 2017 | 252 pages
Small book image
AWS Certified DevOps Engineer - Professional Certification and Beyond
Adam Book
Nov, 2021 | 638 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools
Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools
Free Chapter
2
Chapter 1: An Introduction to IAM and AWS IAM Concepts
Chapter 1: An Introduction to IAM and AWS IAM Concepts
Technical requirements
Understanding IAM
Exploring AWS IAM
Putting it all together
Summary
Questions
3
Chapter 2: An Introduction to the AWS CLI
Chapter 2: An Introduction to the AWS CLI
Technical requirements
Exploring the AWS CLI basics
Using the AWS CLI
Putting it all together – creating a functional IAM user with the AWS CLI
Summary
Questions
Further reading
4
Chapter 3: IAM User Management
Chapter 3: IAM User Management
Technical requirements
What is an IAM user account?
Managing and securing root IAM user accounts
Managing and securing IAM user accounts
Managing federated user accounts
Summary
Questions
5
Chapter 4: Access Management, Policies, and Permissions
Chapter 4: Access Management, Policies, and Permissions
Technical requirements
What is access management?
Introducing the AWS access policy types
The anatomy of an AWS JSON policy document
Exploring the AWS policy types
Policy evaluation
Governance
Summary
Questions
Further reading
6
Chapter 5: Introducing Amazon Cognito
Chapter 5: Introducing Amazon Cognito
Technical requirements
What is Amazon Cognito?
Amazon Cognito use cases
Creating an Amazon Cognito user pool
Exploring the hosted UI
Creating an Amazon Cognito identity pool
Summary
Questions
7
Chapter 6: Introduction to AWS Organizations and AWS Single Sign-On
Chapter 6: Introduction to AWS Organizations and AWS Single Sign-On
Technical requirements
What is AWS SSO?
AWS Organizations
Configuring AWS SSO in the Management Console
Configuring AWS SSO from the CLI
Summary
Questions
Further reading
8
Chapter 7: Other AWS Identity Services
Chapter 7: Other AWS Identity Services
Technical requirements
Understanding AWS Directory Service
Encryption and secrets management
Logging and auditing
Summary
Questions
Further reading
9
Section 2: Implementing IAM on AWS for Administrative Use Cases
Section 2: Implementing IAM on AWS for Administrative Use Cases
10
Chapter 8: An Ounce of Prevention – Planning Your Administrative Model
Chapter 8: An Ounce of Prevention – Planning Your Administrative Model
Technical requirements
Evaluating the organization's current IAM capabilities
Evaluating the business structure and account schema
Designing the AWS organizational structure
Summary
Questions
Further reading
11
Chapter 9: Bringing Your Admins into the AWS Administrative Backplane
Chapter 9: Bringing Your Admins into the AWS Administrative Backplane
Technical requirements
Defining our organization's identity source
Provisioning administrative accounts in AWS – account linking
Provisioning administrative accounts in AWS – SCIM provisioning
Summary
Questions
Further reading
Code samples
12
Chapter 10: Administrative Single Sign-On to the AWS Backplane
Chapter 10: Administrative Single Sign-On to the AWS Backplane
Technical requirements
Why use federation for AWS administrators?
Assigning access to AWS accounts
Implementing fine-grained access management for administrators
Administrative SSO using the AWS CLI
Summary
Questions
Further reading
13
Section 3: Implementing IAM on AWS for Application Use Cases
Section 3: Implementing IAM on AWS for Application Use Cases
14
Chapter 11: Bringing Your Users into AWS
Chapter 11: Bringing Your Users into AWS
Technical requirements
Distinguishing administrative users from non-administrative users
Solutions to non-administrative user use cases for apps on AWS
Using Managed AD and trusts
Creating the trust between AWS Managed AD and on-premises AD
Summary
Questions
Further reading
15
Chapter 12: AWS-Hosted Application Single Sign-On Using an Existing Identity Provider
Chapter 12: AWS-Hosted Application Single Sign-On Using an Existing Identity Provider
Technical requirements
Defining the use case and solution architecture
Creating a user pool
Connecting Amazon Cognito to an external IdP – SAML
Connecting Amazon Cognito to an external IdP – OIDC
Assuming roles with identity pools
Summary
Questions
Further reading
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Preface

Amazon Web Services (AWS) is the largest cloud platform in the world. It was also the first modern cloud services provider and the first to achieve broad enterprise penetration. Whereas being the successful first mover in a market has its advantages, it can also limit a service’s flexibility. Compared to its biggest peers, which logically extend enterprise identity architectures (in part because they came to market years later), AWS’ IAM capabilities can appear slightly alien. Like an archaeologist examining a dig site, we can see artifacts that suggest the service had a history of differing access mechanisms and strategies over the years. Given the success of the service, perhaps it was deemed too great a risk to the growing user base to make sweeping, foundational changes to align more with the familiar IAM patterns found in other organizations.

As AWS predates many enterprise identity best practices and reference architectures, bridging the paradigms of modern enterprise IAM and AWS’ custom approach to IAM is often a difficult leap. Fortunately, with the advent of services such as AWS Organizations, AWS SSO, and Amazon Cognito, the service has never been more approachable. In this book, we will begin by examining the core services and components of identity on AWS in a manner designed to take the rough edges off its more eccentric components. Once we have built up our foundational knowledge, we will then apply what we have learned by solving familiar enterprise use cases.

Previous Section
Next Section