AWS Public Sector Blog

Tag: AWS IAM Identity Center

AWS branded background design with text overlay that says "Empowering the public sector with secure, governed generative AI experimentation"

Empowering the public sector with secure, governed generative AI experimentation

The Generative AI Sandbox on AWS, powered by Amazon Bedrock Studio, provides a secure, governed, and isolated environment for organizations to explore the power of large language models (LLMs) and other generative artificial intelligence capabilities. Bedrock Studio users can test different LLMs side by side to understand which ones best suit their specific use cases: from drafting policy documents to analyzing public feedback, or creating educational content.

AWS branded background design with text overlay that says "University of British Columbia Cloud Innovation Centre: Governing an innovation hub using AWS management services"

University of British Columbia Cloud Innovation Centre: Governing an innovation hub using AWS management services

In January 2020, Amazon Web Services (AWS) inaugurated a Cloud Innovation Centre (CIC) at the University of British Columbia (UBC). The CIC uses emerging technologies to solve real-world problems and has produced more than 50 prototypes in sectors like healthcare, education, and research. The Centre’s work has involved 300-plus AWS accounts across various groups, including external collaborators, UBC staff, students, and researchers. This post discusses the management of AWS in higher education institutions, emphasizing governance to securely foster innovation without compromising security and detailing policies and responsibilities for managing AWS accounts across projects and research.

AWS branded background design with text overlay that says "Singapore’s EVe harnesses the power of data with help from NTT DATA, AWS"

Singapore’s EVe harnesses the power of data with help from NTT DATA, AWS

In alignment with Singapore’s ambitious sustainability objectives, the Land Transport Authority (LTA) of Singapore is intensifying its efforts to spur the adoption of electric vehicles. This contributes to the nation’s goal of achieving 100 percent cleaner energy vehicles by 2040, and the effort leverages Amazon Web Services (AWS). LTA has set up EV-Electric Charging Pte Ltd (EVe) to manage the deployment of up to 12,000 electric vehicle (EV) charging points distributed across 2,000 Housing Development Board (HDB) carparks.

AWS branded background design with text overlay that says "Web filtering for education using AWS Network Firewall"

Web filtering for education using AWS Network Firewall

Managing access to websites and safeguarding users from harmful content is a critical component of a layered cybersecurity approach, especially in educational settings. Schools and institutions of higher learning have a responsibility to provide a secure online experience for their students and staff. Traditionally, this has been accomplished through on-site web filtering appliances. Amazon Web Services ( AWS) Network Firewall allows customers to filter their outbound web traffic from on-premises environments based on fully qualified domain names (FQDN) or Server Name Indication (SNI) for encrypted traffic. This post will use AWS Client VPN to demonstrate routing and filtering traffic from external resources through Network Firewall.

AWS branded background design with text overlay that says "Building compliant healthcare solutions using Landing Zone Accelerator"

Building compliant healthcare solutions using Landing Zone Accelerator

In this post, we explore the complexities of data privacy and controls on Amazon Web Services (AWS), examine how creating a landing zone within which to contain such data is important, and highlight the differences between creating a landing zone from scratch compared with using the AWS Landing Zone Accelerator (LZA) for Healthcare. To aid explanation, we use a simple healthcare workload as an example. We also explain how LZA for Healthcare codifies HIPAA controls and AWS Security Best Practices to accelerate the creation of an environment to run protective health information workloads in AWS.

Data security and governance best practices for education and state and local government

Many organizations within state and local government (SLG) and education must build digital environments and services that meet a variety of dynamic security and compliance considerations, such as StateRAMP and Federal Information Security Management Act (FISMA). Learn key top-level best practices from AWS for how to use AWS Security Services to meet the unique needs of education and SLG organizations.

IAM Identity Center for AWS environments spanning AWS GovCloud (US) and standard Regions

AWS IAM Identity Center (successor to AWS Single Sign-On) provides administrators with a simple way to manage identity and access (IAM) across numerous AWS accounts. IAM Identity Center is available in the AWS GovCloud (US) Regions, enabling customers to simply manage access to numerous AWS accounts in their AWS GovCloud (US) organizations. In this blog post, learn four different architecture patterns for providing an organization’s AWS users with access to both standard and AWS GovCloud (US) accounts using IAM Identity Center that can help minimize administrative overhead and simplify the user experience.

Enabling SAML AWS SSO GovCloud

Enabling SAML 2.0 federation with AWS IAM Identity Center and AWS GovCloud (US)

AWS IAM Identity Center helps administrators centrally manage access to multiple AWS accounts that are members of an AWS Organization. End users can authenticate and then access all their AWS accounts from a single interface. Using IAM Identity Center as a SAML identity provider for your AWS accounts also has security benefits: user credentials provided via federation are temporary. IAM Identity Center does not automatically detect AWS GovCloud (US) accounts associated with standard AWS accounts in your AWS Organization. IAM Identity Center is also not currently available in AWS GovCloud (US). As a result, IAM Identity Center cannot be used to automatically provision access for your users into an AWS GovCloud (US) account. However, this functionality can be extended to enable federation into AWS GovCloud (US) with a “custom SAML 2.0 application” in IAM Identity Center.