[AWS Architect] (23) IDF, Cognito, and SSO

IDF (Identity Federation) is an architecture where the identities of an external identity provider (IDP) are recognized.

Types of IDF

  • Cross-account roles: A remote account is allowed to assume a role in your account and access your account's resources.
  • SAML 2.0 IDF: It allows users of a SAML-compatible system, such as Active Directory (AD), to log in to AWS services.
  • Web Identity Federation: External web-based IDPs (Google, Facebook) are allowed to assume roles.

[AWS Architect] (19) IAM and STS

Identity and Access Management (IAM) provides the centralized management of accessing AWS services via policies that can be attached to users, groups, and roles.

  • IAM is a global service that is not tied to a region.
    • Users and policies can be used globally.
  • Users are given long-term credentials to access AWS resources (username/password or access keys).
  • Roles allow for short-term access to resources when assumed, using temporary access credentials.

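The cross-account role from the IDF notes and the short-term role credentials from the IAM/STS notes both start from the same artifact: the role's trust policy, which decides who may call sts:AssumeRole. The following Python is an added example, not code from the original notes or from AWS. It builds a cross-account trust policy (with and without an ExternalId condition), a least-privilege permissions policy for the role, and a small checker that flags the two trust-policy weaknesses a reviewer looks for first. The account ID, role/bucket names and the ExternalId value are constructed placeholders.

```python
"""Added example: building and reviewing a cross-account IAM role's policies.
Account IDs, bucket names and the ExternalId are constructed placeholders."""
import json
from typing import Optional

TRUSTED_ACCOUNT = "111122223333"     # constructed: the remote account allowed to assume the role
EXTERNAL_ID = "example-external-id"  # constructed: secret value shared with the trusted account


def cross_account_trust_policy(trusted_account: str, external_id: Optional[str] = None) -> dict:
    """Trust policy that lets principals in `trusted_account` call sts:AssumeRole.

    With an sts:ExternalId condition, the caller must also present that value,
    which is the standard defence against the confused-deputy problem when the
    trusted account belongs to a third party.
    """
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
        "Action": "sts:AssumeRole",
    }
    if external_id is not None:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def least_privilege_permissions_policy(bucket: str) -> dict:
    """Permissions policy attached to the role: read-only access to one bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def trust_policy_findings(policy: dict) -> list:
    """Return review findings for each Allow statement that grants sts:AssumeRole."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if not any(a in ("sts:AssumeRole", "sts:*") for a in actions):
            continue
        # Principal may be "*" or {"AWS": "<arn>"} or {"AWS": ["<arn>", ...]}
        principal = stmt.get("Principal")
        aws_principal = principal.get("AWS") if isinstance(principal, dict) else principal
        principals = aws_principal if isinstance(aws_principal, list) else [aws_principal]
        if any(p == "*" for p in principals):
            findings.append("wildcard principal: any AWS account can assume this role")
        conditions = stmt.get("Condition", {})
        has_external_id = any(
            "sts:ExternalId" in v for v in conditions.values() if isinstance(v, dict)
        )
        if not has_external_id:
            findings.append("no sts:ExternalId condition: add one when the trusted account belongs to a third party")
    return findings


if __name__ == "__main__":
    trust = cross_account_trust_policy(TRUSTED_ACCOUNT, EXTERNAL_ID)
    print(json.dumps(trust, indent=2))
    print("findings:", trust_policy_findings(trust))
    print("findings without ExternalId:", trust_policy_findings(cross_account_trust_policy(TRUSTED_ACCOUNT)))
```

The trust policy is what makes the role assumable by the remote account; the permissions policy bounds what the temporary credentials obtained from sts:AssumeRole can do, so both should be reviewed together when a cross-account role is created.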
[AWS Architect] (18) Storage Gateway

Storage Gateway is a hybrid storage service that allows you to migrate data into AWS, extending on-premise storage capacity using AWS.

  • It is used when you want to integrate existing on-premise application data with AWS cloud storage services without fully migrating to AWS. Applications in your network can access data in the cloud.
  • Data may be moved to AWS and cached locally at the on-premise data center.
