All about Identity at AMAZON WEB SERVICES + what are we still missing?

Session Topic: All About Identity at Amazon Web Services

Wednesday 4G

Convener: Ian Wesley-Smith

Notes-taker(s): Ian Wesley-Smith

 * Check out our best practices for users and permissions: http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html
 * Question on Federating with University via SAML (Nathan from UW)
   * Not possible currently, can write a proxy and use GetFederationToken (http://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html)
 * Discussed STS (http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html)
 * AssumeRoles (http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)
 * Should I use AssumeRole or Federated Users?
   * We suggest roles unless you have a special authorization requirement
 * Can you assume multiple roles at the same time?
   * No.
 * Do you support MFA? Yes: http://aws.amazon.com/mfa/
 * How are root accounts and IAM users related?
   * http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html
 * Cross-account Access? http://aws.amazon.com/about-aws/whats-new/2012/11/19/Announcing-Cross-Account-API-Access-Using-IAM-Roles/
 * We have a cloud HSM http://aws.amazon.com/cloudhsm/
 * What certifications do we have? https://aws.amazon.com/security/
 * Consolidated billing: http://docs.aws.amazon.com/awsaccountbilling/latest/about/consolidatedbilling.html
 * Discussion about what federation technologies customers would like to see
   * OpenID Connect Support
   * SAML Support