AWS Identity

AWS Identity Services allow your identity administrators to create users directly in AWS or to connect to an existing identity source. Your employees can use their existing credentials to sign in and see all their assigned roles for AWS accounts and business applications from one place. With AWS, you can extend your on-premises Microsoft Active Directory (AD) to AWS using AD forest trusts or AD Connector.  You then can use your existing AD users and groups to manage access to your AWS accounts and AD-aware workloads such as Amazon RDS for SQL Server, Amazon EC2 for Windows Server, and Amazon WorkSpaces.

AWS Identity Services enable you to quickly grant the right access, to the right people, at the right time by selecting permissions from a library of AWS managed policies, on which you can base your own custom managed policies. AWS also supports the use of attribute-based access control to define and manage fine-grained, highly customizable user permissions. Finally, AWS helps you continuously improve your security posture by analyzing access patterns and identifying unused permissions across all AWS accounts so that you can remove unnecessary access quickly and confidently.

AWS Identity Services give you the ability to delegate administrative tasks and automate capabilities, such as account creation, to make it easy to manage large, multi-account AWS environments. With AWS, you also can improve security and maintain compliance by consistently enforcing who can create what type of resource and where. To get started running secure and scalable workloads quickly, you can build a brand new, multi-account environment based on AWS best practices with just a few clicks. 

Amazon Cognito provides a secure user directory that scales to hundreds of millions of users. As a fully managed service, it is easy to set up without standing up server infrastructure.

With a built-in user interface and easy configuration for federating identity providers, Amazon Cognito helps you add user sign-in, sign-up, and access control to your apps in minutes. You can customize the user interface to highlight your company branding in all user interactions.

See how to quickly integrate Amazon Cognito with your apps.

With Amazon Cognito, your app users can sign in through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers via SAML, without having to create and remember additional passwords.

Amazon Cognito is a standards-based identity provider and supports identity and access management standards, such as OAuth 2.0, SAML 2.0, and OpenID Connect.

Read more about federation.

Amazon Cognito supports multi-factor authentication and encryption of data at rest and in transit. It helps you meet multiple security and compliance requirements, including those for highly regulated organizations such as healthcare companies and merchants.

Amazon Cognito is HIPAA eligible and PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant.

Read more about security and compliance.