AWS Identity

Securely manage access to workloads and applications

AWS Identity Services enable you to securely manage identities, resources, and permissions at scale. For applications running on AWS, you can use fine-grained access controls to grant your employees, applications, and devices the access they need to AWS services and resources within easily deployed governance guardrails. AWS Identity Services provide flexible options for where and how you manage your employee, partner, and customer identities, so you can confidently migrate existing workloads to AWS. For hybrid workload deployments, AWS Identity Services allow you to establish a single identity and access strategy across your on-premises environments and AWS. And for customer-facing web and mobile apps, you can use AWS Identity Services to quickly add sign-up and sign-in functionality backed by scalable cloud directories for your app users.

AWS Identity Services for your workforce give you a choice of where to manage the identities and credentials of your employees, and the fine-grained permissions to grant the right access, to the right people, at the right time. AWS Identity Services for your customer-facing applications give your developers more time to build great apps for your customers by enabling them to add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. With AWS, you have the identity management services you need to get started quickly with the features and capabilities you need to securely manage access to your workloads and applications as you scale.


AWS Identity Services for your Workforce

AWS gives you the freedom to choose where to manage the identities and credentials of your employees, and the fine-grained permissions to grant the right access, to the right people, at the right time. With AWS, you have flexible administration capabilities and easy-to-use controls over multi-account environments. AWS helps you implement and enforce the principle of least privilege access with analytic tools that help identify unused permissions across all AWS accounts so you can remove unnecessary access quickly and confidently.

Benefits

Freedom to choose your identity source

AWS Identity Services allow your identity administrators to create users directly in AWS or to connect to an existing identity source. Your employees can use their existing credentials to sign in and see all their assigned roles for AWS accounts and business applications from one place. With AWS, you can extend your on-premises Microsoft Active Directory (AD) to AWS using AD forest trusts or an AD Connector. Then, you can use your existing AD users and groups to manage access to your AWS accounts and AD-aware workloads, such as Amazon RDS for SQL Server, Amazon EC2 for Windows Server, and Amazon WorkSpaces.

Fine-grained access control with analytics

AWS Identity Services enable you to quickly grant the right access, to the right people, at the right time by selecting permissions from a library of AWS managed policies, which you can also copy to create your own custom managed policies. AWS also supports the use of resource tags to define and manage fine-grained, highly customizable user permissions. Finally, AWS helps you continuously improve your security posture by analyzing access patterns and identifying unused permissions across all AWS accounts so you can remove unnecessary access quickly and confidently.

Flexible administration and governance

AWS Identity Services give you the ability to delegate administrative tasks and automate capabilities, like account creation, to make it easy to manage large, multi-account AWS environments. With AWS, you can also improve security and maintain compliance by consistently enforcing who can create what type of resource and where. To get started fast, AWS supports the ability to build a brand new multi-account environment based on AWS best practices with just a few clicks, so you can quickly set up and run secure and scalable workloads.

Workforce Identity Services

Cloud single-sign-on (SSO) service

Managed Microsoft Active Directory 

Securely manage access to AWS services and resources 

Simple, secure service to share AWS resources 

Central governance & management across AWS accounts 

Govern a new, secure multi-account AWS environment

AWS Identity Services for Customer-facing Applications

Amazon Cognito helps you create a simple, secure, scalable, and standards-based sign-up and sign-in customer experience for your apps. Amazon Cognito gives your customers the flexibility to use their existing identity providers, social or enterprise, and you save time with easy configurations for federating identity providers. Cognito allows you to add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Your apps will be able to get unique identities for the users, and obtain temporary, limited-privilege AWS credentials to access AWS services.

Benefits

Scalable and easy to use

Amazon Cognito provides a secure user directory that scales to hundreds of millions of users. As a fully managed service, it is easy to set up without standing up server infrastructure.

With a built-in UI and easy configuration for federating identity providers, Amazon Cognito helps you add user sign-in, sign-up, and access control to your app in minutes. You can customize the UI to put your company branding front and center for all user interactions.


Fine-grained access control with analytics

With Amazon Cognito, your app users can sign in through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers via SAML, without having to create and remember additional passwords.

Amazon Cognito is a standards-based Identity Provider and supports identity and access management standards, such as OAuth 2.0, SAML 2.0, and OpenID Connect.


Secure and compliant authentication for your apps

Amazon Cognito supports multi-factor authentication and encryption of data-at-rest and in-transit.

It helps you meet multiple security and compliance requirements, including those for highly regulated organizations such as healthcare companies and merchants.

Amazon Cognito is HIPAA eligible and PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant.


Amazon Cognito for Customer-facing Application Identity

Identity management for your apps 

AWS Single Sign-On: Centrally Manage SSO Access to Your AWS Accounts & Business Applications (3:44)
AWS re:Invent 2018: [REPEAT 1] Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) (55:35)
Deep Dive on Running Active Directory on AWS - AWS Online Tech Talks (38:30)
Authentication for Your Applications: Getting Started with Amazon Cognito (52:08)
Scaling Accounts and Permissions Management - AWS Online Tech Talks (37:34)
How do I create an IAM policy to control access to Amazon EC2 resources based on tags? (7:09)
