AWS Public Sector Blog
Tag: AWS IAM Identity Center
University of British Columbia Cloud Innovation Centre: Governing an innovation hub using AWS management services
In January 2020, Amazon Web Services (AWS) inaugurated a Cloud Innovation Centre (CIC) at the University of British Columbia (UBC). The CIC uses emerging technologies to solve real-world problems and has produced more than 50 prototypes in sectors like healthcare, education, and research. The Centre’s work has involved 300-plus AWS accounts across various groups, including external collaborators, UBC staff, students, and researchers. This post discusses the management of AWS in higher education institutions, emphasizing governance to securely foster innovation without compromising security and detailing policies and responsibilities for managing AWS accounts across projects and research.
Singapore’s EVe harnesses the power of data with help from NTT DATA, AWS
In alignment with Singapore’s ambitious sustainability objectives, the Land Transport Authority (LTA) of Singapore is intensifying its efforts to spur the adoption of electric vehicles. This contributes to the nation’s goal of achieving 100 percent cleaner energy vehicles by 2040, and the effort leverages Amazon Web Services (AWS). LTA has set up EV-Electric Charging Pte Ltd (EVe) to manage the deployment of up to 12,000 electric vehicle (EV) charging points distributed across 2,000 Housing Development Board (HDB) carparks.
Web filtering for education using AWS Network Firewall
Managing access to websites and safeguarding users from harmful content is a critical component of a layered cybersecurity approach, especially in educational settings. Schools and institutions of higher learning have a responsibility to provide a secure online experience for their students and staff. Traditionally, this has been accomplished through on-site web filtering appliances. Amazon Web Services ( AWS) Network Firewall allows customers to filter their outbound web traffic from on-premises environments based on fully qualified domain names (FQDN) or Server Name Indication (SNI) for encrypted traffic. This post will use AWS Client VPN to demonstrate routing and filtering traffic from external resources through Network Firewall.
Building compliant healthcare solutions using Landing Zone Accelerator
In this post, we explore the complexities of data privacy and controls on Amazon Web Services (AWS), examine how creating a landing zone within which to contain such data is important, and highlight the differences between creating a landing zone from scratch compared with using the AWS Landing Zone Accelerator (LZA) for Healthcare. To aid explanation, we use a simple healthcare workload as an example. We also explain how LZA for Healthcare codifies HIPAA controls and AWS Security Best Practices to accelerate the creation of an environment to run protective health information workloads in AWS.
Data security and governance best practices for education and state and local government
Many organizations within state and local government (SLG) and education must build digital environments and services that meet a variety of dynamic security and compliance considerations, such as StateRAMP and Federal Information Security Management Act (FISMA). Learn key top-level best practices from AWS for how to use AWS Security Services to meet the unique needs of education and SLG organizations.
IAM Identity Center for AWS environments spanning AWS GovCloud (US) and standard Regions
AWS IAM Identity Center (successor to AWS Single Sign-On) provides administrators with a simple way to manage identity and access (IAM) across numerous AWS accounts. IAM Identity Center is available in the AWS GovCloud (US) Regions, enabling customers to simply manage access to numerous AWS accounts in their AWS GovCloud (US) organizations. In this blog post, learn four different architecture patterns for providing an organization’s AWS users with access to both standard and AWS GovCloud (US) accounts using IAM Identity Center that can help minimize administrative overhead and simplify the user experience.
Enabling SAML 2.0 federation with AWS IAM Identity Center and AWS GovCloud (US)
AWS IAM Identity Center helps administrators centrally manage access to multiple AWS accounts that are members of an AWS Organization. End users can authenticate and then access all their AWS accounts from a single interface. Using IAM Identity Center as a SAML identity provider for your AWS accounts also has security benefits: user credentials provided via federation are temporary. IAM Identity Center does not automatically detect AWS GovCloud (US) accounts associated with standard AWS accounts in your AWS Organization. IAM Identity Center is also not currently available in AWS GovCloud (US). As a result, IAM Identity Center cannot be used to automatically provision access for your users into an AWS GovCloud (US) account. However, this functionality can be extended to enable federation into AWS GovCloud (US) with a “custom SAML 2.0 application” in IAM Identity Center.