AWS Classroomnotes 30/Aug/2022

STS (Security Token Service)

Scenario – 1

  • Organizations already have LDAP-based products such as Active Directory or OpenLDAP, which hold user, group and system information
  • When we want those LDAP users to also use AWS, creating IAM users manually is painful because the LDAP user list keeps changing

Solution 1: Sync users between AWS and Active Directory

  • We can sync information between on-premises Active Directory and AWS
  • This can be achieved by AWS AD Connect Sync

Solution 2

  • Rather than having Active Directory on-premises, make it run on AWS
  • This can be achieved by AWS Directory Services. Refer Here

Scenario – 2

  • Your organization is building applications.
  • The first application they are building is for booking movie tickets
  • For this application we need to maintain users; these users should not use your AWS account
  • These users should be maintained only for giving access to the Ticket Booking application.
  • In this application, we want to add login with
    • Google
    • Facebook
  • Now the same organization is building one more app for booking plots; here also they need to maintain users and logins as mentioned above.
  • Activity:
    • Google and find out how to solve the above problem.
  • Identity as a Service (IDaaS)
    • AWS => Cognito
    • Azure => Azure AD B2C
    • Okta
  • It is difficult for users to maintain different credentials for different applications => Single Sign-On (SSO)
