© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
BENGALURU
Identity Federation with AWS Cognito
Kumaravel Ponnusamy | 25-09-2018
Objective
• To share knowledge and learnings from identity federation with Cognito.
• To outline the challenges and solutions around single sign-on, IAM policies and securing the tokens.
• To communicate with a third-party authentication provider and federate it through a Cognito identity pool, so that AWS resources and services are accessed securely.
Introduction
• We developed a web-based front-end application that connects to an AWS serverless architecture.
• We implemented the application with a custom authentication and authorization method for communicating with AWS.
Overall Flow
Business case
• Low cost of authentication and authorization.
• Interoperability within AWS Services.
• Secure communication with IoT Devices.
• Managing secure tokens between user sessions.
• Serverless application to achieve single sign-on.
Tools & Components
• Auth0
• AWS IAM
• AWS Cognito federated identity
• AWS Resources
Challenges:
• A secure way of passing the temporary credentials to the front end.
• Expiry of the temporary credentials issued by Cognito.
• Attaching AWS resource policies to the authenticated identity.
• Connecting over MQTT to AWS IoT using temporary credentials, with role-based access control (RBAC).
Solutions
• Auth0 connectivity with IAM
  • Add Auth0 as an IAM identity provider using the following parameters:
    • Client ID
    • Client secret
    • Identity provider URL
Solutions (Contd..)
• Cognito identity pool
  • Create a federated identity (identity pool) mapped to the following parameters:
    • IAM authenticated role
    • IAM unauthenticated role
    • Identity provider (OpenID)
Solutions (Contd..)
• The session token and security key are passed to the front end through a Lambda function. Using SigV4 and crypto libraries, the front end connects to AWS resources with these temporary credentials.
• The session token expires after a fixed period, even while the user is still active.
• To avoid this, renew automatically: obtain a new session token before the current one expires.
Questions?
Thank you

Priyanka Aash
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Muhammad Ali
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
Priyanka Aash
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
Shiv Technolabs
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
bellared2
 
What's new in android: jetpack compose 2024
What's new in android: jetpack compose 2024What's new in android: jetpack compose 2024
What's new in android: jetpack compose 2024
Toru Wonyoung Choi
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Kunal Gupta
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 

Recently uploaded (20)

Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
 
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
The Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF GuideThe Role of IoT in Australian Mobile App Development - PDF Guide
The Role of IoT in Australian Mobile App Development - PDF Guide
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
 
What's new in android: jetpack compose 2024
What's new in android: jetpack compose 2024What's new in android: jetpack compose 2024
What's new in android: jetpack compose 2024
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 

Identity federation with AWS Cognito (slide transcript)

1. BENGALURU
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

2. Identity Federation with AWS Cognito
Kumaravel Ponnusamy | 25-09-2018

3. Objective
• To share the knowledge and learnings from identity federation with Cognito.
• Outlining the challenges and solutions pertaining to Single Sign On, IAM policies and securing the tokens.
• Communicating with a third-party authentication provider and federating it, with the help of a Cognito identity pool, to access AWS resources and services securely.

4. Introduction
• We developed a web-based front-end application that connects to an AWS serverless architecture.
• We implemented the application with a custom authentication and authorization method to communicate with AWS.

5. Over All Flow

6. Business case
• Low cost of authentication and authorization.
• Interoperability within AWS services.
• Secure communication with IoT devices.
• Managing secure tokens between user sessions.
• Serverless application to achieve single sign-on.

7. Tools & Components
• Auth0
• AWS IAM
• AWS Cognito federated identity
• AWS Resources

8. Challenges
• Secure way of sharing the temporary credentials with the front end.
• Time expiry of temporary credentials issued by Cognito.
• Attaching AWS resource policies to the authenticated identity.
• Connecting MQTT to AWS IoT using temporary credentials based on RBAC.

9. Solutions
• Auth0 connectivity with IAM
• Add Auth0 as an IAM identity provider using the following parameters:
  • Client ID
  • Client secret
  • Identity provider URL

10. Solutions (Contd..)
• Cognito identity pool
• Create a federated identity that is mapped to the following parameters:
  • IAM authenticated role
  • IAM unauthenticated role
  • Identity provider (OpenID)

11. Solutions (Contd..)
• The session token and secret key are passed to the front end by a Lambda function. Using SigV4 and crypto libraries, the front end connects to AWS resources with these temporary credentials.
• The session token expires after a fixed period even while the user is active.
• To avoid that, use automatic token renewal to obtain a new session token before the current one expires.

12. Questions?

13. Thank you