Skip to content

AWS Notes

Identityfederation

AWS Notes

Table of Contents
Identity
Identity
- AWS Accounts
- Awssso
- Cognito
- Controltower
- AWS Identity And Access Management (IAM)
- Identityfederation Identityfederation
  Table of contents
  - SAML 2.0
- Organizations
- Policyevaluation
- Ram
- Revisiontopics
- Scp
- Servicecatalogue
- Servicequotas
- Sts
- Toc
Compute
Compute
- Containers
  Containers
  - Basics
  - Ecr
  - Ecs
  - Eks
- Ec2
  Ec2
- Elasticbeanstalk
  Elasticbeanstalk
  - TOC
  - Basics
  - Deployment
  - Docker
- Lambda
  Lambda
  - Basics
  - Execution
  - Networking
  - Stepfunctions
  - TOC
Databases
Databases
- Athena
- Elasticcache
- Redshift
- Aurora
  Aurora
  - Index
- Dynamodb
  Dynamodb
  - TOC
  - Basics
  - Dax
  - Globaltables
  - Indexes
  - Operating
  - Streams
- Rds
  Rds
  - Index
  - Basics
  - Multiaz
  - Backups
  - Readreplicas
  - Rdssecurity
  - Aurorabasics
  - Auroraserverless
  - Rdsproxy
  - Dms
Networking
Networking
- Toc
- Apigateway
  Apigateway
  - Basics
- Hybrid
  Hybrid
- Scaling
  Scaling
  - Asg
  - Loadbalancer
- Vpc
  Vpc
Storage
Storage
- Efs
- Fsx
- Transferfamily
Security
Security
- Cloudhsm
- Guardduty
- Inspector
- Neworkfirewall
- Trustedadvisor
- Waf
- Key management service
  Key management service
  - KMS Basics
Monitoring
Monitoring
- Awsconfig
- Cloudtrail
- Vpcflowlogs
- X ray
- Cloudwatch
  Cloudwatch
  - Basics
  - Cwlogs
  - Toc
Devops
Devops
- Basics
- Cicd
Costmanagement
Costmanagement
- Basics
Bcpdr
Bcpdr
- Disasterrecovery
Eventdriven
Eventdriven
- Architecture
- Eventbridge
- Kinesis
- Sns
- Sqs
- TOC
Machinelearning
Machinelearning
- Rekognition
- Comprehend
- Devicefarm
- Forecast
- Frauddetector
- Glue
- Kendra
- Kinesisvideostreams
- Lexconnect
- Polly
- Sagemaker
- Textract
- Transcribe
- Translate
Tbd

Identityfederation

SAML 2.0

SAML - Security Assertion Markup Language
Open Standard used by many Identity Prodivders (IDP)
SAML 2.0 integration enables indirectly using on premise identities with AWS
Primarily used with Enterprise (not web) IDP that is SAML 2.0 compliant
Single source of identity truth for more than 5000 users
Federation uses IAM Roles and Temporary Credentials ( with 12 hours validity)
For this to work Trust needs to be established between SAML2.0 IDP & AWS IAM
Enterprise application first authenticates with Enterprise IDP & gets a SAML token
While communitcating with AWS, the application invokes STS:AssumeRoleWithSAML operation passing in SAML Assertion
STS returns temporary AWS credentials to the application