Tag: Security Token Service

With AWS Identity and Access Management (IAM), AWS provides a central way to manage user identities and permissions. However, creating and managing the lifecycle of IAM users in AWS can be time-consuming. This post explores how to authenticate users against Azure AD for access to one or multiple AWS accounts using SAML federation. Additionally, it includes a walkthrough on how to setup the federation across Azure AD and multiple AWS accounts.

Many SaaS organizations leverage AWS Identity and Access Management (IAM) to define a series of policies and roles that can be used to ensure tenants are not allowed to cross tenant boundaries when accessing resources. To make this work, you have to create separate policies for each tenant which can create an explosion of tenant policies that push the account limits of IAM. Learn how dynamic policy generation creates a more scalable and manageable isolation experience.