What is AWS federated access?
Federated access within AWS allows access to your AWS resources without the need to create an associated IAM user account. Instead, credentials are federated by an identity provider (IdP). This can be a corporate directory, such as your Microsoft Active Directory accounts (enterprise federation), or a social IdP, where users sign in with the credentials from their Google, Facebook, or even Amazon account (social identity federation).
Federation allows you to manage your account centrally and reduces the administration involved in creating multiple accounts to access your AWS resources.
There are a number of different options that organizations use to implement federation. We will be looking at two of the most common ones:
- SAML federation
- Social federation
We will then look at how Amazon Cognito uses federation to manage access to web and mobile applications with ease.
We'll start by explaining how you can allow users to authenticate and access your AWS resources using their corporate identities, such as their MS-AD account.