AWS supports identity federation using SAML (Security Assertion Markup Language) 2.0. With SAML, you can configure your AWS accounts to integrate with your identity provider (IdP). Your federated users authenticate against your organization's IdP, which issues a signed assertion naming the IAM role(s) they are allowed to assume; AWS validates that assertion and exchanges it for temporary credentials, and the permissions attached to the assumed role (together with any resource policies that reference it) determine what the user is authorized to do. Users can then access AWS through single sign-on (SSO) without an IAM user or long-lived access keys.
In this workshop, you choose your own path through the exercises, directing yourself to the technologies and use cases that matter to you. We start by guiding you through deploying an IdP and configuring SAML federation for AWS, including federated CLI access. We then walk you through a number of advanced SAML use cases, including how to:
Write S3 bucket policies for specific federated users.
Use SAML attributes to enforce additional authorization requirements.
Automate federation configurations across a large number of AWS accounts.
Implement other advanced SAML use cases for AWS.
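To make the first two use cases concrete, here is an added example that is not part of the workshop material: a small Python script that pulls the AWS-specific attributes out of a SAML assertion (the `Role` pairs, `RoleSessionName`, and any `PrincipalTag:` session tags) and then builds an S3 bucket policy scoped to exactly one federated session by its `aws:userid` and to a department prefix via the `aws:PrincipalTag/Department` session tag. The assertion, account ID `123456789012`, role names, IdP name `CorpIdP`, tag value and the role unique ID `AROAEXAMPLEROLEID` are all constructed placeholders; the real role ID comes from `aws iam get-role`.

```python
"""Parse AWS SAML attributes and build a per-federated-user S3 bucket policy.

Constructed example, not workshop code. All identifiers below are placeholders.
"""
import json
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS_ATTR = "https://aws.amazon.com/SAML/Attributes/"

# Constructed assertion fragment carrying only the attributes AWS consumes.
# In a real flow the assertion is signed by the IdP; AWS validates that
# signature in AssumeRoleWithSAML, so a local helper like this one must never
# be the only thing standing between the user and a role.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml:AttributeValue>arn:aws:iam::123456789012:role/Developer,arn:aws:iam::123456789012:saml-provider/CorpIdP</saml:AttributeValue>
      <saml:AttributeValue>arn:aws:iam::123456789012:saml-provider/CorpIdP,arn:aws:iam::123456789012:role/ReadOnly</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/PrincipalTag:Department">
      <saml:AttributeValue>Engineering</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_aws_attributes(assertion_xml):
    """Return (roles, session_name, tags) from the AttributeStatement.

    roles is a list of (role_arn, provider_arn) tuples in IdP order; AWS accepts
    the pair in either order, so it is normalised here. tags maps each
    PrincipalTag:<Key> attribute to its value."""
    root = ET.fromstring(assertion_xml)
    roles, session_name, tags = [], None, {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        name = attr.get("Name", "")
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        if name == AWS_ATTR + "Role":
            for value in values:
                parts = [p.strip() for p in value.split(",")]
                if len(parts) != 2:
                    raise ValueError("malformed Role value: %r" % value)
                role, provider = sorted(parts, key=lambda p: ":saml-provider/" in p)
                roles.append((role, provider))
        elif name == AWS_ATTR + "RoleSessionName":
            session_name = values[0] if values else None
        elif name.startswith(AWS_ATTR + "PrincipalTag:"):
            tags[name[len(AWS_ATTR + "PrincipalTag:"):]] = values[0] if values else ""
    if session_name is None:
        raise ValueError("RoleSessionName attribute missing; AWS will reject the assertion")
    return roles, session_name, tags


def build_bucket_policy(bucket, role_arn, role_unique_id, session_name):
    """Bucket policy for one federated session plus an ABAC department prefix.

    For a SAML-federated session aws:userid is "<role unique id>:<RoleSessionName>",
    which is why the role's AROA... id (placeholder here) is needed rather than
    its ARN. Because the IdP controls RoleSessionName, this only isolates users
    from each other if the IdP asserts a stable, unique value per person.
    The tag statement relies on session tags, so the role's trust policy must
    also allow sts:TagSession or the tag never reaches the session."""
    user_id = "%s:%s" % (role_unique_id, session_name)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "HomePrefixForOneFederatedUser",
                "Effect": "Allow",
                "Principal": {"AWS": role_arn},
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": "arn:aws:s3:::%s/home/%s/*" % (bucket, session_name),
                "Condition": {"StringEquals": {"aws:userid": user_id}},
            },
            {
                "Sid": "ListOwnHomePrefixOnly",
                "Effect": "Allow",
                "Principal": {"AWS": role_arn},
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::%s" % bucket,
                "Condition": {
                    "StringEquals": {"aws:userid": user_id},
                    "StringLike": {"s3:prefix": "home/%s/*" % session_name},
                },
            },
            {
                "Sid": "DepartmentPrefixViaSessionTag",
                "Effect": "Allow",
                "Principal": {"AWS": role_arn},
                "Action": "s3:GetObject",
                # Policy variable: the prefix is chosen by the session's own tag.
                "Resource": "arn:aws:s3:::%s/shared/${aws:PrincipalTag/Department}/*" % bucket,
                "Condition": {"Null": {"aws:PrincipalTag/Department": "false"}},
            },
        ],
    }


def policy_for_assertion(assertion_xml, bucket, role_unique_id):
    """Glue: pick the first role the IdP offered and emit its bucket policy."""
    roles, session_name, _tags = parse_aws_attributes(assertion_xml)
    return build_bucket_policy(bucket, roles[0][0], role_unique_id, session_name)


if __name__ == "__main__":
    print(json.dumps(policy_for_assertion(SAMPLE_ASSERTION, "corp-data", "AROAEXAMPLEROLEID"), indent=2))
```

The `Null` condition on the third statement makes the prefix grant fail closed when the IdP did not send a `Department` tag, instead of silently matching a literal `${aws:PrincipalTag/Department}` path segment.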