1. For Enterprise AWS
ADFS + IAM Single Sign On
2. Introduction
Cloud Architect and Engineer
Background in Systems Administration
Large scale E-Commerce systems
Media scale events
Helping companies migrate to Cloud Services
3 Data centre design rebuilds
4 complete migrations to AWS
OpenSource Enthusiast
http://dev.squarecows.com
Yes it pains me to talk about ADFS
3. Why ADFS?
Business Reasons
Little entry cost
Provides your existing business process with the ability to control access to AWS services
Provides an audit trail (using CloudTrail)
Technical Reasons
SAML integration (Security Assertion Markup Language)
Connects with IAM seamlessly
Uses existing infrastructure
No need to recreate all your users in IAM and manage them by hand
Map IAM policies to AD Groups
Active Directory Federation Services
4. Deeper into ADFS
My Test Setup
Based on original RE:Invent presentation setup
Single AD server running in AWS
ADFS 2.0 installed on the AD controller
MS-suggested setup
HA AD servers
Dual standalone ADFS 2.0 servers
Load balancer for ADFS
7. Setting up IAM
Requirements
AD +ADFS setup
Downloaded ADFS metadata
AWS-Prod and AWS-Dev Groups in AD
A User in these groups
Create Identity Provider on IAM
Create IAM Roles and grant SSO permissions
Setup ADFS Trust and mappings
Identity and Access Management
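The three steps on this slide come down to a few concrete artefacts. The Python below is an added example, not part of the original presentation: it builds the trust policy that lets only the ADFS identity provider assume an SSO role, derives the `Role` claim values the ADFS claim rules must emit for the AWS-Prod and AWS-Dev groups (assuming IAM roles with the same names as the AD groups), and validates a claim value before it is trusted. The account id and provider name are placeholders.

```python
import re

# Constructed placeholder values for this example (not from the slides)
ACCOUNT_ID = "123456789012"      # placeholder AWS account id
PROVIDER_NAME = "ADFS"           # name chosen for the IAM SAML identity provider
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"
ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):(role|saml-provider)/([\w+=.@-]+)$")


def provider_arn(account_id=ACCOUNT_ID, name=PROVIDER_NAME):
    """ARN of the identity provider created from the uploaded ADFS metadata."""
    return f"arn:aws:iam::{account_id}:saml-provider/{name}"


def role_trust_policy(account_id=ACCOUNT_ID, name=PROVIDER_NAME):
    """Trust policy for an SSO role: only assertions from this provider that are
    addressed to the AWS sign-in audience may assume it. What the role may then
    do is a separate permissions policy attached to the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn(account_id, name)},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
        }],
    }


def role_attribute_values(ad_groups, account_id=ACCOUNT_ID, name=PROVIDER_NAME):
    """'Role' claim values for a user's AD groups, assuming each AWS-* group maps
    to an IAM role of the same name; groups without the prefix get no AWS access."""
    prov = provider_arn(account_id, name)
    return [f"arn:aws:iam::{account_id}:role/{g},{prov}"
            for g in ad_groups if g.startswith("AWS-")]


def parse_role_attribute(value):
    """Split one Role claim value into (role_arn, provider_arn). Either order is
    accepted; anything but one role plus one provider in the same account fails."""
    parts = value.split(",")
    found = {}
    for part in parts:
        m = ARN_RE.match(part)
        if not m or m.group(2) in found:
            raise ValueError(f"bad or duplicate ARN: {part}")
        found[m.group(2)] = (m.group(1), part)
    if len(parts) != 2 or found["role"][0] != found["saml-provider"][0]:
        raise ValueError("need one role and one provider ARN from the same account")
    return found["role"][1], found["saml-provider"][1]


def is_valid_role_attribute(value):
    """True if parse_role_attribute accepts the value, False otherwise."""
    try:
        parse_role_attribute(value)
        return True
    except (ValueError, KeyError):
        return False
```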