Implementing Identity Management on AWS: A real-world guide to solving customer and workforce IAM challenges in your AWS cloud environments
By Jon Lehtinen
- Publisher: Packt Publishing
- Language: English
- Pages: 504
- Category: Library
Synopsis
Understand the IAM toolsets, capabilities, and paradigms of the AWS platform and learn how to apply practical identity use cases to AWS at the administrative and application level
Key Features
- Learn administrative lifecycle management and authorization
- Extend workforce identity to AWS for applications deployed to Amazon Web Services (AWS)
- Understand how to use native AWS IAM capabilities with apps deployed to AWS
Book Description
AWS identity management offers a powerful yet complex array of native capabilities and connections to existing enterprise identity systems for administrative and application identity use cases. This book breaks down the complexities involved by adopting a use-case-driven approach that helps identity and cloud engineers understand how to use the right mix of native AWS capabilities and external IAM components to achieve the business and security outcomes they want.
You will begin by learning about the IAM toolsets and paradigms within AWS. This will allow you to determine how to best leverage them for administrative control, extending workforce identities to the cloud, and using IAM toolsets and paradigms on an app deployed on AWS. Next, the book demonstrates how to extend your on-premise administrative IAM capabilities to the AWS backplane, as well as how to make your workforce identities available for AWS-deployed applications. In the concluding chapters, you'll learn how to use the native identity services with applications deployed on AWS.
By the end of this IAM Amazon Web Services book, you will be able to build enterprise-class solutions for administrative and application identity using AWS IAM tools and external identity systems.
What you will learn
- Understand AWS IAM concepts, terminology, and services
- Explore AWS IAM, Amazon Cognito, AWS SSO, and AWS Directory Service to solve customer and workforce identity problems
- Apply the concepts you learn about to solve business, process, and compliance challenges when expanding into AWS
- Navigate the AWS CLI to unlock the programmatic administration of AWS
- Explore how AWS IAM, its policy objects, and notational language can be applied to solve security and access management use cases
- Relate concepts easily to your own environment through IAM patterns and best practices
Who this book is for
Identity engineers and administrators, cloud administrators, security architects, or anyone who wants to explore and manage IAM solutions in AWS will find this book useful. Basic knowledge of AWS cloud infrastructure and services is required to understand the concepts covered in the book more effectively.
Table of Contents
- An Introduction to IAM and AWS IAM Concepts
- An Introduction to the AWS CLI
- IAM User Management
- Access Management, Policies, and Permissions
- Introducing Amazon Cognito
- Introduction to AWS Organizations and AWS Single Sign-On
- Other AWS Identity Services
- An Ounce of Prevention – Planning Your Administrative Model
- Bringing Your Admins into the AWS Administrative Backplane
- Administrative Single Sign-On to the AWS Backplane
- Bring Your Users into AWS
- AWS-Hosted Application Single Sign-On Using an Existing Identity Provider
Table of Contents
Cover
Title page
Copyright and Credits
Dedication
Foreword
Contributors
Table of Contents
Preface
Section 1: IAM and AWS – Critical Concepts, Definitions, and Tools
Chapter 1: An Introduction to IAM and AWS IAM Concepts
Technical requirements
Understanding IAM
IAM applied to real-world use cases
Exploring AWS IAM
IAM for AWS and IAM on AWS
The AWS IAM dashboard
Principals, users, roles, and groups – getting to know the building blocks of AWS IAM
Authentication – proving you are who you say you are
Authorization – what you are allowed to do and why you are allowed to do it
Putting it all together
Signing in with the root user
Summary
Questions
Chapter 2: An Introduction to the AWS CLI
Technical requirements
Exploring the AWS CLI basics
What is the AWS CLI?
Installing the AWS CLI
AWS CLI configuration
Testing out the CLI
Profiles
Using the AWS CLI
Discovering command syntax
Putting it all together – creating a functional IAM user with the AWS CLI
Attaching an administrator policy
Creating and attaching a password
Creating and attaching the programmatic credentials
Using the new profile
Scripting
Summary
Questions
Further reading
Chapter 3: IAM User Management
Technical requirements
What is an IAM user account?
Principals
Managing and securing root IAM user accounts
Differences between root user account and IAM user accounts
Managing and securing IAM user accounts
IAM user lifecycle management
Password management
Access key management
MFA credential management
Managing federated user accounts
AWS Single Sign-On and federated users
Summary
Questions
Chapter 4: Access Management, Policies, and Permissions
Technical requirements
What is access management?
Introducing the AWS access policy types
The anatomy of an AWS JSON policy document
Defining JSON policy document elements
Exploring the AWS policy types
Identity-based policies
Resource-based policies
IAM permissions boundaries
Service control policies
Access control lists
Session policies
Policy evaluation
Governance
Access Analyzer
AWS CloudTrail
Summary
Questions
Further reading
Chapter 5: Introducing Amazon Cognito
Technical requirements
What is Amazon Cognito?
Amazon Cognito user pools
Amazon Cognito identity pools
Amazon Cognito use cases
User authentication for application access
User authentication and authorization for access to application resources
User authentication and access to AWS services exposed through an application
Federated user authentication and access to AWS services exposed through an application
Creating an Amazon Cognito user pool
Populating users in a user pool
Bulk importing with CSV files
Creating a user pool using the AWS CLI
Exploring the hosted UI
Creating an Amazon Cognito identity pool
Creating an identity pool with the CLI
Summary
Questions
Chapter 6: Introduction to AWS Organizations and AWS Single Sign-On
Technical requirements
What is AWS SSO?
Requirements to use AWS SSO
AWS Organizations
Configuring AWS Organizations using the Management Console
AWS organizations in the AWS CLI
Configuring AWS SSO in the Management Console
AWS SSO settings
Creating and managing users
Connecting AWS accounts to AWS SSO
Configuring AWS SSO from the CLI
Summary
Questions
Further reading
Chapter 7: Other AWS Identity Services
Technical requirements
Understanding AWS Directory Service
AWS Managed Microsoft AD
Active Directory Connector
Simple Active Directory
Amazon Cognito
Encryption and secrets management
AWS Key Management Service
AWS Secrets Manager
Logging and auditing
AWS CloudTrail
Amazon CloudWatch
Summary
Questions
Further reading
Section 2: Implementing IAM on AWS for Administrative Use Cases
Chapter 8: An Ounce of Prevention – Planning Your Administrative Model
Technical requirements
Evaluating the organization's current IAM capabilities
Evaluating the business structure and account schema
Designing the AWS organizational structure
Mapping business functions to OUs
Designing and applying organizational service control policies
Summary
Questions
Further reading
Chapter 9: Bringing Your Admins into the AWS Administrative Backplane
Technical requirements
Defining our organization's identity source
Connecting our IDP to AWS SSO
Provisioning administrative accounts in AWS – account linking
Limitations of manual provisioning and account linking
Provisioning administrative accounts in AWS – SCIM provisioning
How SCIM works
Enabling automatic provisioning in AWS SSO
SCIM in action
Summary
Questions
Further reading
Code samples
Chapter 10: Administrative Single Sign-On to the AWS Backplane
Technical requirements
Why use federation for AWS administrators?
Federated sign-in using an external IDP
Assigning access to AWS accounts
Signing in to the administrative console
Implementing fine-grained access management for administrators
Permission sets and managed authorization policies
Permission sets and custom authorization policies for fine-grained access control
Putting it all together for administrative authorization
Administrative SSO using the AWS CLI
Summary
Questions
Further reading
Section 3: Implementing IAM on AWS for Application Use Cases
Chapter 11: Bringing Your Users into AWS
Technical requirements
Distinguishing administrative users from non-administrative users
Solutions to non-administrative user use cases for apps on AWS
Using Managed AD and trusts
Creating a Managed Microsoft AD instance
Preparing the on-premises AD for a trust – conditional forwarders
Creating the trusts between on-premises and AWS Managed AD
Preparing the Managed AD for a trust – conditional forwarders
Creating the trust between AWS Managed AD and on-premises AD
Summary
Questions
Further reading
Chapter 12: AWS-Hosted Application Single Sign-On Using an Existing Identity Provider
Technical requirements
Defining the use case and solution architecture
Creating a user pool
Connecting Amazon Cognito to an external IdP – SAML
Restricting application access to just the external IdP
Populating the Amazon Cognito user pool through JIT provisioning
Connecting Amazon Cognito to an external IdP – OIDC
Restricting application access to just the external IdP
Populating the Amazon Cognito user pool through JIT provisioning
Assuming roles with identity pools
Summary
Questions
Further reading
About Packt
Other Books You May Enjoy
Index