book

Implementing Identity Management on AWS

Name: Implementing Identity Management on AWS
Author: Jon Lehtinen
ISBN: 9781800562288

by Jon Lehtinen

October 2021

Intermediate to advanced

504 pages

10h 58m

English

Packt Publishing

Read now

Unlock full access

Implementing Identity Management on AWS
ForewordContributorsAbout the author
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code files Download the color imagesConventions usedGet in touchShare Your Thoughts
Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools
Chapter 1: An Introduction to IAM and AWS IAM Concepts
Technical requirementsUnderstanding IAMIAM applied to real-world use casesExploring AWS IAMIAM for AWS and IAM on AWSThe AWS IAM dashboardPrincipals, users, roles, and groups – getting to know the building blocks of AWS IAMAuthentication – proving you are who you say you areAuthorization – what you are allowed to do and why you are allowed to do itPutting it all togetherSigning in with the root userSummaryQuestions
Chapter 2: An Introduction to the AWS CLI
Technical requirementsExploring the AWS CLI basicsWhat is the AWS CLI?Installing the AWS CLIAWS CLI configurationTesting out the CLIProfilesUsing the AWS CLIDiscovering command syntaxPutting it all together – creating a functional IAM user with the AWS CLIAttaching an administrator policyCreating and attaching a passwordCreating and attaching the programmatic credentialsUsing the new profileScriptingSummaryQuestionsFurther reading
Chapter 3: IAM User Management
Technical requirementsWhat is an IAM user account?PrincipalsManaging and securing root IAM user accountsDifferences between root user account and IAM user accountsManaging and securing IAM user accountsIAM user lifecycle managementPassword managementAccess key managementMFA credential managementManaging federated user accountsAWS Single Sign-On and federated usersSummaryQuestions
Chapter 4: Access Management, Policies, and Permissions
Technical requirementsWhat is access management?Introducing the AWS access policy typesThe anatomy of an AWS JSON policy documentDefining JSON policy document elementsExploring the AWS policy typesIdentity-based policiesResource-based policiesIAM permissions boundariesService control policiesAccess control listsSession policiesPolicy evaluationGovernanceAccess AnalyzerAWS CloudTrailSummaryQuestionsFurther reading
Chapter 5: Introducing Amazon Cognito
Technical requirementsWhat is Amazon Cognito?Amazon Cognito user poolsAmazon Cognito identity poolsAmazon Cognito use casesUser authentication for application accessUser authentication and authorization for access to application resourcesUser authentication and access to AWS services exposed through an applicationFederated user authentication and access to AWS services exposed through an applicationCreating an Amazon Cognito user poolPopulating users in a user poolBulk importing with CSV filesCreating a user pool using the AWS CLIExploring the hosted UICreating an Amazon Cognito identity poolCreating an identity pool with the CLISummaryQuestions
Chapter 6: Introduction to AWS Organizations and AWS Single Sign-On
Technical requirementsWhat is AWS SSO?Requirements to use AWS SSOAWS OrganizationsConfiguring AWS Organizations using the Management ConsoleAWS organizations in the AWS CLIConfiguring AWS SSO in the Management ConsoleAWS SSO settingsCreating and managing usersConnecting AWS accounts to AWS SSOConfiguring AWS SSO from the CLISummaryQuestionsFurther reading
Chapter 7: Other AWS Identity Services
Technical requirementsUnderstanding AWS Directory ServiceAWS Managed Microsoft ADActive Directory ConnectorSimple Active DirectoryAmazon CognitoEncryption and secrets managementAWS Key Management ServiceAWS Secrets ManagerLogging and auditingAWS CloudTrailAmazon CloudWatchSummaryQuestionsFurther reading

Section 2: Implementing IAM on AWS for Administrative Use Cases
Chapter 8: An Ounce of Prevention – Planning Your Administrative Model
Technical requirementsEvaluating the organization's current IAM capabilitiesEvaluating the business structure and account schemaDesigning the AWS organizational structureMapping business functions to OUsDesigning and applying organizational service control policiesSummaryQuestionsFurther reading
Chapter 9: Bringing Your Admins into the AWS Administrative Backplane
Technical requirementsDefining our organization's identity sourceConnecting our IDP to AWS SSOProvisioning administrative accounts in AWS – account linkingLimitations of manual provisioning and account linking Provisioning administrative accounts in AWS – SCIM provisioningHow SCIM worksEnabling automatic provisioning in AWS SSOSCIM in actionSummaryQuestionsFurther readingCode samples
Chapter 10: Administrative Single Sign-On to the AWS Backplane
Technical requirementsWhy use federation for AWS administrators?Federated sign-in using an external IDPAssigning access to AWS accountsSigning in to the administrative consoleImplementing fine-grained access management for administratorsPermission sets and managed authorization policiesPermission sets and custom authorization policies for fine-grained access controlPutting it all together for administrative authorizationAdministrative SSO using the AWS CLISummaryQuestionsFurther reading
Section 3: Implementing IAM on AWS for Application Use Cases
Chapter 11: Bringing Your Users into AWS
Technical requirementsDistinguishing administrative users from non-administrative usersSolutions to non-administrative user use cases for apps on AWSUsing Managed AD and trusts Creating a Managed Microsoft AD instancePreparing the on-premises AD for a trust – conditional forwardersCreating the trusts between on-premises and AWS Managed ADPreparing the Managed AD for a trust – conditional forwardersCreating the trust between AWS Managed AD and on-premises ADSummaryQuestionsFurther reading
Chapter 12: AWS-Hosted Application Single Sign-On Using an Existing Identity Provider
Technical requirementsDefining the use case and solution architectureCreating a user poolConnecting Amazon Cognito to an external IdP – SAMLRestricting application access to just the external IdPPopulating the Amazon Cognito user pool through JIT provisioningConnecting Amazon Cognito to an external IdP – OIDCRestricting application access to just the external IdPPopulating the Amazon Cognito user pool through JIT provisioningAssuming roles with identity poolsSummaryQuestionsFurther reading
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Content preview from Implementing Identity Management on AWS

Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools

Identity is the most granular unit of security. To ensure the confidentiality, integrity, and availability of a system, that system's infrastructure, applications, APIs, and endpoints must all be identifiable, authenticated, and authorized in order to perform its functions. The AWS platform operates under a rigid identity-centric model. Bridging that model with your own organization's identity implementation can be daunting. At the end of this section, you will understand the industry-standard and AWS-specific IAM terminology that will be referenced throughout this book. You will also learn about best-practice access management patterns and the tools available to implement ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781800562288

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Implementing Identity Management on AWS

by Jon Lehtinen

Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.