AWS Security Blog

Tag: Federation

Easier Role Selection for SAML-Based Single Sign-On

At the end of 2013, we introduced single sign-on to the AWS Management Console using the Security Assertion Markup Language (SAML) 2.0. This enables you to use your organization’s existing identity system to sign in to the console without having to provide AWS credentials. Today we’re happy to announce that, in response to your feedback, […]

New in Amazon EMR: Support for Federated Users

AWS announced yesterday that Amazon Elastic MapReduce (EMR) added support for federated users. If you use Amazon EMR, you can now enable users to administer Amazon EMR clusters who are signed in to your corporate network using their corporate credentials—you no longer need to create IAM users for access to EMR. Up to now, federated […]

Federating Identity Management at Netflix with OneLogin

As one of our most active customers, Netflix has hundreds of administrators who need access to AWS daily. Therefore, by eliminating their need to use AWS credentials via identity federation, they saved time, money, and administrative effort almost immediately. They were able to use SAML and OneLogin, their existing identity management provider, to federate users […]

How to Use Shibboleth for Single Sign-On to the AWS Management Console

Update from January 17, 2018: The techniques demonstrated in this blog post relate to traditional SAML federation for AWS. These techniques are still valid and useful. However, AWS Single Sign-On (AWS SSO) provides analogous capabilities by way of a managed service. If you are just getting started with federating access to your AWS accounts, we recommend […]

Tracking Federated User Access to Amazon S3 and Best Practices for Protecting Log Data

Auditing by using logs is an important capability of any cloud platform.  There are several third party solution providers that provide auditing and analysis using AWS logs.  Last November AWS announced its own logging and analysis service, called AWS CloudTrail.  While logging is important, understanding how to interpret logs and alerts is crucial.  In this blog […]

Delegating API Access to AWS Services Using IAM Roles

Suppose you run a research lab and you dump a terabyte or so of data into Amazon DynamoDB for easy processing and analysis. Your colleagues at other labs and in the commercial sphere have become aware of your research and would like to reproduce your results and perform further analysis on their own. AWS supports this very important […]

Enabling Federation to AWS Using Windows Active Directory, ADFS, and SAML 2.0

Update from September 7, 2022: This post had been updated to correct the reference to the CloudFormation template. Update from January 17, 2018: The techniques demonstrated in this blog post relate to traditional SAML federation for AWS. These techniques are still valid and useful. However, AWS Single Sign-On (AWS SSO) provides analogous capabilities by way of […]

Security Sessions at re:Invent 2013

AWS re:Invent 2013, AWS’s second annual conference for developers and technical leaders, is less than a month away.  We have some great sessions and activities lined up to ensure that content quality is high and that your questions are answered. Update (20 May 2014): For links to the session videos and slide presentations from AWS […]

CloudBerry Active Directory Bridge for Authenticating non-AWS AD Users to S3

One of the benefits of AWS is the highly available, durable, and practically unlimited cloud-based storage you can get with Amazon Simple Storage Services (Amazon S3).  Over two trillion objects are already stored in S3 and customers are always finding more creative uses for S3.  One of the more commonly requested use cases is how […]