Get started with AWS IAM

Federation enables you to manage access to your AWS Cloud resources centrally. With federation, you can use single sign-on (SSO) to access your AWS accounts using credentials from your corporate directory. Federation uses open standards, such as Security Assertion Markup Language 2.0 (SAML), to exchange identity and security information between an identity provider (IdP) and an application.

AWS offers multiple options for federating access to your identities on the AWS Cloud. You can federate access to your AWS accounts by using AWS Identity and Access Management (IAM). You also can add federation support to your web and mobile apps running on the AWS Cloud by using Amazon Cognito.

AWS also offers non–SAML-based options for managing access to your AWS Cloud resources. AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AD, uses secure Windows trusts to enable users to sign in to the AWS Management Console, AWS Command Line Interface (CLI), and Windows applications running on the AWS Cloud using Microsoft Active Directory credentials.

You can enable single sign-on (SSO) to your AWS accounts by using federation and AWS Identity and Access Management (IAM). By federating your AWS accounts, users can sign in to the AWS Management Console and AWS Command Line Interface (CLI) using credentials from your corporate directory. Federation also enables you to manage access to your AWS accounts centrally by adding and removing users from your corporate directory, such as Microsoft Active Directory.

To learn more, see Enabling SAML 2.0 Federated Users to Access the AWS Management Console.

Additional resources:

Advanced Techniques for Federation of the AWS Management Console and Command Line Interface (CLI)

You can add support for federation to your web and mobile apps running on the AWS Cloud by using Amazon Cognito. Amazon Cognito helps you add user sign-up and sign-in to your mobile and web apps easily. With Amazon Cognito, you can also authenticate users through social identity providers, such as Facebook, Twitter, and Amazon, or by using your own identity system.

To learn more, see Amazon Cognito Federated Identities.

Additional resources:

Deep Dive on Amazon Cognito

You can enable single sign-on (SSO) to your Windows applications running on the AWS Cloud by using AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AD. You can use AWS Microsoft AD to create secure Windows trusts between your on-premises Microsoft Active Directory domains and your AWS Microsoft AD domain in the AWS Cloud. Using trusts, you can set up SSO to the AWS Management Console and the AWS Command Line Interface (CLI), as well as your Windows-based workloads such as Amazon EC2 for Windows Server, Amazon RDS for SQL Server, and Amazon WorkSpaces.

To learn more, see Tutorial: Create a Trust Relationship Between Your AWS Microsoft AD Domain and Your On-Premises Domain.

Additional resources:

Using Microsoft Active Directory across On-premises and Cloud Workloads