AWS Partner Network (APN) Blog

Category: AWS Identity and Access Management (IAM)

VMware-Cloud-AWS-012524

Using IAM Roles Anywhere to Help Secure VMware Cloud on AWS Workloads

AWS IAM Roles Anywhere allow you to use identity and access management roles to obtain temporary credentials for workloads outside AWS. This minimizes exposed credentials, enables centralized access controls with AWS IAM, and provides granular permissions to virtual machines. Explore common use cases for using IAM Roles Anywhere for your workloads running on VMware Cloud on AWS and the relevant setup process on a virtual machine in VMware Cloud on AWS.

Devoteam-APN-Blog-012324

Automating OpenID Connect-Based AWS IAM Web Identity Roles with Microsoft Entra ID

For applications running outside AWS, developers often create IAM users with long-lived credentials which can increase security risks. Instead, learn how to integrate AWS IAM Web Identity Roles with Microsoft Entra ID for centralized user management. This post walks through manual setup steps to register an app in Entra ID and create a role in AWS, and describes an automated architecture to synchronize Entra ID service principals and AWS roles.

Federate Single Sign-On Access to Amazon Athena Query Editor with OneLogin

The Amazon Athena web-based query editor enables data consumers to author and run SQL queries on data sources that are registered with the AWS Glue Data Catalog and other data sources such as Amazon S3. This post describes the setup to provide federated access with OneLogin as the identity provider to securely access, author, and run queries in the Athena web-based editor via the AWS console, without the need for users to install a JDBC driver or run a SQL client on their machines.

MOTON-Consulting-APN-Blog-120822

How IAM Health Cloud Helps You Manage AWS IAM Even When You Have Multiple Accounts

IAM Health Cloud is a SaaS solution available in AWS Marketplace that enables continuous and central collection and analysis of all AWS Identity and Access Management (IAM) data for determining a company’s IAM posture across any number of AWS accounts. Learn how to use IAM Health Cloud to gain near real-time centralized insight of all IAM assets across multiple AWS accounts, even if they are independent or part of fragmented AWS Organizations.

Okta-APN-Blog-100422

Improve the Availability of Existing Okta IAM Federation Setup Using Multi-Region SAML Endpoints

Federation using SAML 2.0 enables customers to use their existing external IdP and avoid managing multiple sources of identities when accessing AWS accounts. This post builds on the recommendation of using regional SAML endpoints for failover by showing how you can configure Okta‘s federation with IAM to increase its availability. Learn how to configure Okta, an AWS Security Competency Partner, to utilize multiple regional AWS SAML sign-in endpoints that can be deployed at setup by the Okta admin.

SaaS-on-AWS-2

Implementing SaaS Tenant Isolation Using Amazon SageMaker Endpoints and IAM

As multi-tenant SaaS providers look to leverage machine learning services, they must consider how they’ll protect the data that flows in and out of these services from different tenants. Learn how tenant isolation of machine learning services can be achieved using AWS IAM, and how the integration between IAM, Amazon SageMaker, and many other AWS services provide developers with a rich set of mechanisms that can be applied to realize tenant isolation goals.

OneLogin-AWS-Partners

Simplifying Sign-In for AWS Managed Services with OneLogin, AWS Single Sign-On, and AWS IAM

OneLogin, an AWS Security Competency Partner, provides an identity platform for secure, scalable, and smart experiences that connects people to technology. Learn about all of the integrations available between OneLogin and AWS. Through these integrations, OneLogin enables you to seamlessly authenticate into AWS managed services across various domains, including analytics, compute, serverless, security, management and governance, and more.

Top Recommendations for Working with IAM from Our AWS Heroes – Part 4: Available Permissions and User Identity

When it debuted 10 years ago, AWS Identity and Access Management (IAM) supported15 services. Today, it’s woven into the core of everything in the AWS Cloud. Check out the fourth and final blog post celebrating IAM‘s 10th anniversary. Dive deep on the Service Authorization Reference, a comprehensive list of all the permissions in AWS, and explore the AWS CloudTrail userIdentity element that keeps track of who did what.

Top Recommendations for Working with IAM from Our AWS Heroes – Part 3: Permissions Boundaries and Conditions

This is our third blog post celebrating AWS Identity and Access Management (IAM)‘s 10th anniversary. Explore two powerful ways that you can limit access to AWS by setting the boundaries and conditionally provide access to resources in IAM policies. Permissions boundaries can be used for situations like granting someone limited permissions management abilities, while conditions enable you to specify when a policy statement is enforced.

Contino-AWS-Partners

Using AWS CloudFormation Modules to Improve Enterprise Security

Dive deep on AWS Identity and Access Management (IAM) permissions and how the principle of least privilege can be best achieved when using AWS CloudFormation, and more specifically CloudFormation Modules, to provision resources on AWS. CloudFormation Modules are a way to package resource configurations for inclusion across stack templates, in a transparent, manageable, and repeatable way.