It's always gratifying to find another community of users who have discovered just what a benefit identity can be to their security and application deployments.
During the webinar, I walked through three specific use cases for federation and AWS. The first two use cases focused on running identity management applications within EC2 instances. The first use case was running a federation IDP inside EC2, and the second case leveraged a federation SP inside EC2.
For the most part this is straightforward stuff, as long as you understand the difference between AWS service entitlements (controlling the "outside" of EC2) and resource entitlements (resources running inside the EC2 instance outside the reach of the AWS identity subsystem).
The third use case is perhaps the most interesting. It focused on some relatively new capabilities introduced in Q4 of 2013--AWS as federation SP.
With the new capabilities, organizations can leverage third-party identity tools to integrate directly with AWS. Before this functionality existed, AWS lacked a standards-based approach for federation. The result was increased security concerns and complexity for the organization. With the new standards-based approach, the organization gets out of the business of storing user and privileged identity keys, and out of the business of writing custom security services.
AWS takes care of all that with help from third-party identity tools. In the webinar, I showed PingFederate running as an IDP inside an EC2 instance, providing authentication and authorization services to AWS. The AWS console can accept a SAML assertion from that IDP and exchange it for AWS user credentials that grant access to services.
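To make the "AWS as federation SP" flow concrete, here is an added example (not code from the original post, PingFederate, or AWS) showing the relying-party checks an SP applies to an incoming SAML 2.0 assertion before it hands out credentials: the assertion must name AWS as its audience, must be inside its validity window, and must carry the AWS role and session-name attributes in the documented format. The attribute names and audience values are the ones AWS documents for its SAML integration; the IDP hostname, the user, the role and provider ARNs (with a placeholder account id) and the timestamps in the sample assertion are constructed for the example. XML signature verification against the IDP's published certificate is deliberately left out so the example runs offline; it is the first check a real SP performs, and nothing below may be trusted until it passes.

```python
"""Inspect an AWS-bound SAML 2.0 assertion the way a federation SP would.

Added example, not code from the original post or from PingFederate/AWS.
Signature verification is out of scope here (see lead-in); a real SP
verifies the XML signature before applying any of the checks below.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names and audiences AWS documents for SAML federation.
AWS_ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
AWS_SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
AWS_AUDIENCES = {"urn:amazon:webservices", "https://signin.aws.amazon.com/saml"}

# Constructed sample assertion: hostname, user, ARNs (placeholder account
# id 123456789012) and timestamps are all made up for this example.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" IssueInstant="2014-06-01T12:00:00Z" Version="2.0">
  <saml:Issuer>https://idp.example.com/sso</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2014-06-01T11:55:00Z" NotOnOrAfter="2014-06-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>urn:amazon:webservices</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml:AttributeValue>arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/ExampleIdP</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
      <saml:AttributeValue>alice</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _parse_time(value):
    # SAML timestamps are UTC; fractional seconds are not handled here.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _attribute_values(root, name):
    xpath = f"saml:AttributeStatement/saml:Attribute[@Name='{name}']/saml:AttributeValue"
    return [el.text.strip() for el in root.findall(xpath, NS) if el.text]


def validate_assertion(xml_text, now_utc, audiences=AWS_AUDIENCES):
    """Apply SP-side checks; return subject, session name and role/provider
    pairs on success, raise ValueError with the reason on failure."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        raise ValueError("not a SAML 2.0 Assertion")

    # Validity window: NotBefore <= now < NotOnOrAfter.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    now = _parse_time(now_utc)
    if not (_parse_time(cond.get("NotBefore")) <= now < _parse_time(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion is outside its validity window")

    # Audience restriction: the assertion must be addressed to AWS, so an
    # assertion minted for some other SP cannot be replayed here.
    asserted = {a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text}
    if not asserted & set(audiences):
        raise ValueError(f"audience {sorted(asserted)} is not an AWS audience")

    # Role attribute: each value is "<role ARN>,<saml-provider ARN>" (either order).
    roles = []
    for value in _attribute_values(root, AWS_ROLE_ATTR):
        parts = [p.strip() for p in value.split(",")]
        role = [p for p in parts if p.startswith("arn:aws:iam::") and ":role/" in p]
        provider = [p for p in parts if p.startswith("arn:aws:iam::") and ":saml-provider/" in p]
        if len(parts) != 2 or len(role) != 1 or len(provider) != 1:
            raise ValueError(f"malformed Role attribute value: {value!r}")
        roles.append((role[0], provider[0]))
    if not roles:
        raise ValueError("no AWS Role attribute in assertion")

    session = _attribute_values(root, AWS_SESSION_ATTR)
    if len(session) != 1:
        raise ValueError("exactly one RoleSessionName is required")

    subject = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    return {"subject": subject, "session_name": session[0], "roles": roles}


def rejection_reason(xml_text, now_utc):
    """Return None if the assertion passes, else the reason it was rejected."""
    try:
        validate_assertion(xml_text, now_utc)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    print(validate_assertion(SAMPLE_ASSERTION, "2014-06-01T12:00:00Z"))
    print(rejection_reason(SAMPLE_ASSERTION, "2014-06-01T12:05:00Z"))
```

The role/provider pairs returned are exactly what the SP then presents to AWS STS to obtain temporary credentials for the chosen role; the session name is what shows up in CloudTrail, which is why the example insists on exactly one.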
There is no doubt AWS is growing into an important part of the modern identity conversation. Four of AWS' best identity experts will share their knowledge at the upcoming Cloud Identity Summit, July 19-22 in Monterey, CA. The conference agenda includes Jim Scharf talking about identity management for the cloud, Ben Brauer on securing AWS environments, Shon Shah on delegating access in AWS environments and Conor Cahill on federated access to AWS environments.