AWS Security Blog
Author: Shon Shah
Benefits of a Key Hierarchy with a Master Key (Part Two of the AWS CloudHSM Series)
Previously, Todd Cignetti, AWS Security Product Manager, wrote a post that covered some typical use cases for AWS CloudHSM, a service that helps you securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you. In this post, Todd continues the series on AWS CloudHSM with […]
Building an App Using Amazon Cognito and an OpenID Connect Identity Provider
January 11, 2023: This blog post has been updated to reflect the correct OAuth 2.0 endpoint for the Identity Provider (IdP) used and to use an updated version of the AWS SDK for JavaScript. This post has also been refreshed with updated steps to configure an Amazon Cognito Identity Pool and creating a Connected App […]
Easier Role Selection for SAML-Based Single Sign-On
At the end of 2013, we introduced single sign-on to the AWS Management Console using the Security Assertion Markup Language (SAML) 2.0. This enables you to use your organization’s existing identity system to sign in to the console without having to provide AWS credentials. Today we’re happy to announce that, in response to your feedback, […]
How Does Amazon Cognito Relate to Existing Web Identity Federation?
As you might have seen, AWS recently released Amazon Cognito, a user identity and data synchronization service that helps you securely manage and synchronize app data for your users across their mobile devices. If you develop mobile apps that call AWS services, you definitely want to check out Amazon Cognito. What is Amazon Cognito? Amazon […]
How to Use Shibboleth for Single Sign-On to the AWS Management Console
Update from January 17, 2018: The techniques demonstrated in this blog post relate to traditional SAML federation for AWS. These techniques are still valid and useful. However, AWS Single Sign-On (AWS SSO) provides analogous capabilities by way of a managed service. If you are just getting started with federating access to your AWS accounts, we recommend […]
How Do I Protect Cross-Account Access Using MFA?
Today AWS announced support for adding multi-factor authentication (MFA) for cross-account access. In this blog post, I will walk you through a common use case, including a code sample, which demonstrates how to create policies that enforce MFA when IAM users from one AWS account make programmatic requests for resources in a different account. Many […]