STS (Security Token Service)
Scenario – 1
- Organizations already have LDAP-based products such as Active Directory or OpenLDAP, which hold user, group and system information
- When we want LDAP users to also use AWS, creating IAM users manually is painful because the LDAP user list keeps changing
Solution 1: Sync users between AWS and Active Directory
- We can sync information between On-premises Active Directory and AWS
- This can be achieved by AWS AD Connect Sync
- Rather than having Active Directory on-premises, make it run on AWS
- This can be achieved by AWS Directory Services
Scenario – 2
- Your organization is building applications.
- The first application which they have is to book movie tickets
- For this application we need to maintain users; these users should not use your AWS account
- These users should be maintained only for giving access to the Ticket Booking application
- In this application, we want to add login with
- Now the same organization is building one more app, for booking plots. Here too they need to maintain users and logins as mentioned above.
- Google and find out how to solve the above problem.
Identity as a Service (IDaaS)
- AWS => Cognito
- Azure => Azure AD B2C
- It will be difficult for users to maintain different credentials for different applications => Single Sign-On (SSO)