AWS Security Blog
Tag: STS
How to use Regional AWS STS endpoints
This blog post provides recommendations that you can use to help improve resiliency in the unlikely event of disrupted availability of the global (now legacy) AWS Security Token Service (AWS STS) endpoint. Although the global (legacy) AWS STS endpoint https://sts.amazonaws.com is highly available, it’s hosted in a single AWS Region—US East (N. Virginia)—and like other […]
Announcing an update to IAM role trust policy behavior
April 16, 2024: Updated with information on AWS CloudTrail logging for roles that are still using the implicit trust behavior, and additional sample queries to find these roles. June 15, 2023: Enforcement has changed from a fixed date to an automated process starting June 30, 2023 that removed roles based on observed role assumption behavior. […]
AWS Security Token Service (STS) Is Now Active by Default in All AWS Regions
My previous blog post on November 11, 2015, reported that we were preparing to activate AWS Security Token Service (STS) by default in all AWS regions. As of today, AWS STS is active by default in all AWS regions, for all customers. This means that your applications and services can immediately take advantage of reduced […]
How Does Amazon Cognito Relate to Existing Web Identity Federation?
As you might have seen, AWS recently released Amazon Cognito, a user identity and data synchronization service that helps you securely manage and synchronize app data for your users across their mobile devices. If you develop mobile apps that call AWS services, you definitely want to check out Amazon Cognito. What is Amazon Cognito? Amazon […]
New in Amazon EMR: Support for Federated Users
AWS announced yesterday that Amazon Elastic MapReduce (EMR) added support for federated users. If you use Amazon EMR, you can now enable users to administer Amazon EMR clusters who are signed in to your corporate network using their corporate credentials—you no longer need to create IAM users for access to EMR. Up to now, federated […]