AWS Solutions Architect/training/Section 4: AWS Directory Services and Federation

From Freephile Wiki
  • 37. Introduction
  • 38. AWS Directory Services
  • 39. Identity Providers and Federation
  • 40. [HOL] IAM Identity Center - IAM Identity Center (the successor to AWS SSO) offers SAML and OIDC options for Single Sign-On. IAM Identity Center is the new thing that AWS will push you towards, and it could make sense for new installations. However, regular IAM isn't going away, and if you are already deeply invested in it, you don't want to switch without a good rationale.
  • 41. Amazon Cognito - Key use case is web and mobile applications. Understand the difference between:
    • Cognito User Pools - a source of identities (identities can also come from other Identity Providers such as social IdPs/SAML/OIDC)
    • Cognito Identity Pools - used to obtain temporary, limited-privilege credentials (through AWS STS) for AWS services by assuming IAM roles