Advanced Identity

Table of Contents

AWS STS (Security Token Service) #

Enables creating temporary, limited-privileged credentials to access AWS resources
Short-term credentials (you configure the expiration period)
Use cases:
- Identify federation: manage user identities in external systems and provide them STS tokens to access AWS resources
- IAM Roles for cross / same account access
- IAM Roles for Amazon EC2: provide temporary credentials for EC2 instances to access AWS resources

Instead of creating users in IAM, web users can be created using Cognito

Amazon Cognito for web and mobile applications. It can also integrate with Google and Facebook login.

AWS Managed Microsoft AD
- Create our own AD in AWS, manage users locally, supports MFA
- Establish “Trust” connections with on-premise AD
AD Connector
- Directory Gateway (proxy) to redirect to on-premise AD, supports MFA
- Users are managed on the on-premise AD
Simple AD
- AD-compatible managed directory on AWS
- Cannot be joined with on-premise AD

IAM
- Identity and Access Management inside your AWS account
- For users that you trust and belong to your company
Organizations
- Manage multiple accounts
Security Token Service (STS)
- Temporary, limited-privileges credentials to access AWS resources
Cognito
- Create a database of users for your web and mobile applications
Directory Services
- Integrate Microsoft Active Directory in AWS
IAM Identity Center
- One login for multiple AWS accounts and applications

This series draws heavily from Stephane Maarek’s Ultimate AWS Certified Cloud Practitioner course on Udemy.

His content was instrumental in helping me pass the certification.

About the instructor
🌐 Website	📺 YouTube
💼 LinkedIn	𝕏 x.com

ℹ️Shared for educational purposes only, no rights reserved.