Identity federation with AWS Cognito

•Download as PPTX, PDF•

1 like•195 views

This document discusses identity federation with AWS Cognito. It aims to share knowledge and learnings about single sign-on, IAM policies, and securing tokens. It outlines challenges like securing temporary credentials and attaching resource policies to authenticated identities. It then describes solutions like adding Auth0 as an IAM identity provider and creating a Cognito identity pool mapped to IAM roles. Temporary credentials from Cognito are passed to the front-end via Lambda to access AWS resources securely. Auto renewal of tokens ensures credentials do not expire while the user is active.

Technology

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
BENGALURU

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Identity Federation
with AWS Cognito
Kumaravel Ponnusamy | 25-09-2018

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Objective
• To share the knowledge and learnings in the Identity federation with
Cognito.
• Outlining the challenges and solutions pertaining to Single Sign On,
IAM policies and securing the tokens.
• Communicating with third party authentication provider and federating it
with the help of Cognito identity pool to access the AWS resources in
secure way of access to the AWS services.

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Introduction
• We developed a web based front end application, which would connect
with AWS Serverless architecture.
• We have implemented the application with a custom authentication &
Authorization method to communicate with AWS.

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Over All Flow

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Business case
• Low cost of authentication and authorization.
• Interoperability within AWS Services.
• Secure communication with IoT Devices.
• Managing secure tokens between user sessions.
• Serverless application to achieve single-sign-on.

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
• Auth0
• AWS IAM
• AWS Cognito federated identity
• AWS Resources
Tools & Components

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Challenges:
• Secured way of sharing the temporary credentials to front end.
• Time expiry of temporary credentials from Cognito.
• Attaching AWS Resource policies to the Authenticated identity.
• Connecting MQTT to AWS IoT using temporary credentials based on
RBAC.

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Solutions
• Auth0 connectivity with IAM
• Adding Auth0 in IAM Identity provider using
following params:
• Client ID
• Client secret
• Identity provider URL

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Solutions (Contd..)
• Cognito Identity pool
• Create federated identity which
should be mapped with following
params:
• IAM Authenticated role
• IAM Unauthenticated role
• Identity provider in OpenID

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Solutions (Contd..)
• The session token and security key is passed to the front end using
lambda. Using sigv4 and crypto libraries front end will connected to the
AWS resources using temporary credentials.
• The session token will get expired in a particular time period even the
user in active mode.
• To avoid that use the auto renewal token to get session token before it
gets expired.

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Questions?

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thank you

Initial investigations into the use of blockchain often results in such questions as, “What can this technology do for us?” or “Can’t I just use a database?” rather than a more data-centric approach that can help define an effective blockchain strategy and help create a competitive advantage. In this chalk talk, we review a number of practical uses of blockchain within retail, from supply chain to inventory management, and from customer service conflict resolution to a customer maintaining virtual, transferable warranty wallets. The AWS Retail team presents some of the standard applications of blockchain with AWS in this interactive session. Bring your use cases to the whiteboard!

Detect Abnormal Device Behavior with AWS IoT Device Defender (IOT313-R3) - AW...

Amazon Web Services

Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018

Amazon Web Services

AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices. In this session, we dive into Device Defender Detect, the feature that monitors metrics collected on device and cloud-side to identify anomalous behaviors. We get into the details of how Device Defender Detect works and metrics that it supports. The session includes a demo of how best to leverage Device Defender Detect for keeping your devices secure.

Build Business-Ready Blockchains with Intelligence (GPSTEC315) - AWS re:Inven...

Amazon Web Services

Blockchain continues to be called the next generation of technology, so why does it mystify so many? In this session, we discuss how AWS and its ecosystem will help deliver value beyond just infrastructure for blockchain. We include the blockchain competency announcement, the blockchain value proposition broken down, a customer story involving Intel and T-mobile, and a blockchain delivery kit featuring Accenture and AWS.

Next Generation API Management & Microservices Service Mesh

Nordic APIs

Deep Dive into New AWS IoT Services Launched in 2018 (IOT320) - AWS re:Invent...

Amazon Web Services

Virtualised Video Services Built on AWS

Amazon Web Services

Maximize Innovation and Agility by Building Your SaaS Solution on AWS (GPSBUS...

Amazon Web Services

AWS Partner Network (APN) Partners seek a SaaS delivery model for their products to support rapidly changing customer business needs, save costs, and expand market value. AWS has over ten years of experience supporting thousands of ISVs who use AWS services and products as the foundation for their software business, leveraging our rapid pace of service and product innovation, pay-as-you-go pricing, scale and availability, security and compliance, and global reach. In this session, you hear directly from partners who have successfully built their SaaS business on AWS, including how they transformed their business, the impact on business and customers, and ways they used the APN along the way.

In this presentation, we take a deeper look at Amazon FreeRTOS. As OEMs work to squeeze more functionality onto cheaper and smaller IoT devices, they face a series of challenges in development and operations that results in security vulnerabilities, inefficient code, compatibility issues, and unclear licensing. With Amazon FreeRTOS, it is now easier to build, deploy, and update connected microcontroller-based devices quickly and economically, while retaining confidence that the devices are secure. Also, learn how Pentair, a leading water treatment company, is developing an IoT solution with the help of Amazon FreeRTOS and Espressif Systems, a hardware partner.

Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018

Amazon Web Services

Internet of Things (IoT) is taking the world by storm. Nearly every study indicates that the number of edge devices connected to an IoT platform will grow exponentially in the next few years. It’s our belief that over time, everything that can be connected to Internet will be. That’s “lots” of things. Protecting your IoT deployment is key to securing data and earning customer trust. In this talk, we walk through best practices for securing edge devices using native capabilities within AWS IoT and AWS IoT Device Defender.

Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...

Amazon Web Services

Whether you are part of a large organization moving your applications to the cloud, or a new application owner just getting started, you always need a baseline security for your web applications. In addition, large organizations with common security requirements frequently need to standardize their security posture across many applications. With compliance initiatives, such as PCI, OFAC, and GDPR, there is a need to effectively manage this posture with minimal error. In this session, learn how to use services like AWS WAF, AWS Shield, and AWS Firewall Manager to deploy and manage rules and protections uniformly across many accounts and resources. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

Kondo-ing API Authorization

Nordic APIs

Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018

Amazon Web Services

Helping you manage the security of your IoT fleet is a top priority for AWS. You can use AWS IoT Device Defender to audit device fleets for best practices and drift in security settings, detect abnormal device behavior, and receive alerts to investigate issues. In this session, we will show you how you can use AWS IoT Device Defender to implement and maintain secure policies and controls to keep data and devices secure. Come away understanding how to spot insecure device configurations and how to set up metrics that can be used to spot a DDoS and botnet attacks. We will also look at how AWS IoT Device Defender works with AWS IoT Core and AWS IoT Device Management to respond to security alerts.

Mining API Traffic Metadata

Nordic APIs

Secure Your Customer Data from Day 1

Amazon Web Services

All companies, regardless of size, should build with protection of customer data as a top priority. This session examines how to achieve this through topics including: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. You'll learn key principles of how to build a secure organization and protect your customers’ data. Don't wait until your first security incident before putting these best practices in place.

Let’s Talk About the Ipro Platform

Ipro Tech

Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...

Amazon Web Services

In Financial Services, payments have evolved from a commodity into a key differentiator, driven by customer demand for faster, easier, and more seamless payment processing. Expectations from regulators for PCI DSS-compliant workloads have evolved with increased focus on risk reduction, transparency, and standardization. In this space, the need to replace legacy systems, address security concerns, and support a highly seasonal 24/7/365 operation present barriers to innovation. In this chalk talk, we examine how our customers address these concerns by using the AWS Cloud to rapidly build their own scalable payment systems, leveraging PCI DSS-compliant AWS services across compute, database, analytics, and security. Together, we explore traditional design patterns based on our PCI DSS Quick Start, as well as the evolution to managed services, microservices, and serverless services.

Enabling the Media Community

Amazon Web Services

Intro to Threat Detection and Remediation on AWS

Amazon Web Services

In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments. Level 200

The Essentials of AWS IoT Device Management (IOT326-R1) - AWS re:Invent 2018

Amazon Web Services

Navigating GDPR Compliance on AWS

Amazon Web Services

The General Data Protection Regulation (GDPR) becomes enforceable on May 25, 2018. Complying with GDPR can be challenging, but AWS can guide you through the process. This webinar is hosted by a GDPR compliance expert who will explain the automation mechanisms AWS offers its customers to help with their compliance programs. Specific GDPR articles will be matched to tooling, so knowledge of both will be helpful in understanding the material. A Q&A will follow.

Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...

Amazon Web Services

In this chalk talk, we focus on how to model teams, processes, and tools to achieve a secure CI/CD pipeline that results in continuously compliant and authorized services. We look at how public sector organizations such as the United States Customs and Immigration Services (USCIS) were able to successfully implement these novel capabilities for mission-critical workloads. Then, AWS and USCIS models those best practice designs, processes, and tools with participants in an interactive whiteboard session. We walk through deconstructing monolith services and processes, plus employing designs such as containers, microservices, and CI/CD tools to achieve success.

Serverless (Headless) Retail Technologies at Scale (RET302) - AWS re:Invent 2018

Amazon Web Services

In this workshop, learn how retailers can climb the cliff face of traffic that comes from running promotions while still needing to keep full-priced transactions coming through their existing platform. Using existing (non-microservices) backend systems, we show how you can leverage AWS Lambda, Amazon SNS, Amazon SQS, and Amazon API Gateway to tie to a current custom e-commerce stack via a promotional landing page that diverts traffic from your critical infrastructure using Amazon CloudFront and AWS Lambda@Edge. Learn how to manage browsing traffic instantly and monitor it in production using Amazon CloudWatch and AWS X-Ray without having to rewrite your existing ecommerce code.

Opening: The M&E Industry, Drivers for Change, and the Agenda for the Day

Amazon Web Services

Why Public Sector Customers are Moving to the Cloud: Benefits, Security, Cost...

Amazon Web Services

<Management Track> Brad Coughlan, APJ Head of Strategic Business Development, Public Sector, Amazon Web Services In this session, we will cover the most common questions he answers when meeting with public sector customers across Asia Pacific and Japan. Why do public sector customers move to the cloud? What are the benefits? Is it secure? What are the barriers to adoption? And what does a typical public sector journey to the cloud look like? Find out what you, too, can do to get started.

Cloud Procurement in Public Sector - Making It Work - AWS Public Sector Summi...

Amazon Web Services

<Management Track> Priya Singh, Business Development Capture Manager, APAC Public Sector, Amazon Web Services Cloud procurement is unlike traditional technology purchasing. Public sector entities are accustomed strict procurement rules governing the purchase of physical hardware and related software. In this session, learn how to make procurement work according to your timeline and needs, so your organization can reap the full benefits of cloud.

[NEW LAUNCH!] Introducing AWS IoT Things Graph (IOT366) - AWS re:Invent 2018

Amazon Web Services

AWS IoT Things Graph is a service that enables you to visually build IoT applications by connecting devices and web services from different vendors with little to no code. In this session, we discuss how you can represent devices and services as reusable components, called models, that hide low-level details, such as protocols and interfaces. We show you how to visually wire models together to design your applications quickly, and then deploy the applications on the local gateway for execution. We will end with a demo, so you can see how much development time you can save using AWS IoT Things Graph.

AWS Shared Responsibility Model and GDPR

Amazon Web Services

Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...

Amazon Web Services

Serverless architecture and a microservices approach has changed the way we develop applications. Increased composability doesn't have to mean decreased auditability or security. In this talk, we discuss the security model for applications based on AWS Lambda functions and Amazon API Gateway. Learn about the security and compliance that comes with Lambda right out of the box and with no extra charge or management. We also cover services like AWS Config, AWS Identity and Access Management (IAM), Amazon Cognito, and AWS Secrets Manager available on the platform to help manage application security.

Build a Social News App with Android and AWS (MOB307) - AWS re:Invent 2018

Amazon Web Services

As an Android developer, you keep up to date with the latest development techniques available. AWS Mobile has some easy-to-use yet powerful cloud offerings that can help take your app to the next level. In this workshop, we build a cloud-connected social news app, integrating authentication, analytics, and real-time data, and we provide techniques that you can use in your own development to enable responsive, native mobile apps.

What's hot

Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...

Amazon Web Services

Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018

Amazon Web Services

Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...

Amazon Web Services

Kondo-ing API Authorization

Nordic APIs

Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018

Amazon Web Services

Mining API Traffic Metadata

Nordic APIs

Secure Your Customer Data from Day 1

Amazon Web Services

Let’s Talk About the Ipro Platform

Ipro Tech

Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...

Amazon Web Services

Enabling the Media Community

Amazon Web Services

Intro to Threat Detection and Remediation on AWS

Amazon Web Services

The Essentials of AWS IoT Device Management (IOT326-R1) - AWS re:Invent 2018

Amazon Web Services

Navigating GDPR Compliance on AWS

Amazon Web Services

Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...

Amazon Web Services

Serverless (Headless) Retail Technologies at Scale (RET302) - AWS re:Invent 2018

Amazon Web Services

Opening: The M&E Industry, Drivers for Change, and the Agenda for the Day

Amazon Web Services

Why Public Sector Customers are Moving to the Cloud: Benefits, Security, Cost...

Amazon Web Services

Cloud Procurement in Public Sector - Making It Work - AWS Public Sector Summi...

Amazon Web Services

[NEW LAUNCH!] Introducing AWS IoT Things Graph (IOT366) - AWS re:Invent 2018

Amazon Web Services

AWS Shared Responsibility Model and GDPR

Amazon Web Services

What's hot (20)

Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ...

Securing and Managing IoT Devices at Scale (SEC367-R1) - AWS re:Invent 2018

Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...

Kondo-ing API Authorization

Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018

Mining API Traffic Metadata

Secure Your Customer Data from Day 1

Let’s Talk About the Ipro Platform

Disrupting Traditional Payment Systems Architecture with AWS (FSV320) - AWS r...

Enabling the Media Community

Intro to Threat Detection and Remediation on AWS

The Essentials of AWS IoT Device Management (IOT326-R1) - AWS re:Invent 2018

Navigating GDPR Compliance on AWS

Design Continuous Authorization for Rapid Delivery of Mission-Critical Servic...

Serverless (Headless) Retail Technologies at Scale (RET302) - AWS re:Invent 2018

Opening: The M&E Industry, Drivers for Change, and the Agenda for the Day

Why Public Sector Customers are Moving to the Cloud: Benefits, Security, Cost...

Cloud Procurement in Public Sector - Making It Work - AWS Public Sector Summi...

[NEW LAUNCH!] Introducing AWS IoT Things Graph (IOT366) - AWS re:Invent 2018

AWS Shared Responsibility Model and GDPR

Similar to Identity federation with AWS Cognito

Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...

Amazon Web Services

Build a Social News App with Android and AWS (MOB307) - AWS re:Invent 2018

Amazon Web Services

SID305 AWS Certificate Manager Private CA

Amazon Web Services

AWS Certificate Manager (ACM) Private Certificate Authority (CA) is a managed private CA service that helps you easily and securely manage the lifecycle of your private certificates. In this session, learn how ACM Private CA extends ACM’s certificate management capabilities to private certificates and enables you to centrally manage public and private certificates. We also demonstrate how ACM Private CA enables you to create a Private CA and use it to create and deploy private certificates for your AWS resource and internal resources. We also discuss case studies demonstrating how customers use ACM Private CA to automate security and certificate management.

[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...

Amazon Web Services

How to Implement a Well-Architected Security Solution.pdf

Amazon Web Services

AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...

Amazon Web Services

Secure Your Customers' Data From Day One

Amazon Web Services

Secure Your Customers' Data from Day 1: Armando Leite, AWS All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. You'll learn key principles of how to build a secure organization and protect your customers data. Don't wait until your first security incident before putting these best practices in place.

Virtual_Insurers_New_Tools_For_A_New_World

Amazon Web Services

Generational Shifts and customer expectations has greatly changed the way insurance works, affecting insurer's channel, product and brand strategies. New players ike virtual insurers are getting ahead in the game. In this session, Bowtie, the first virtual insurer in Hong Kong will dive deep into how they leverage the AWS cloud technologies to build a new operations model, accelerate their business and minimize capital investment.

AWS Governance at Scale_AWSPSSummit_Singapore

Amazon Web Services

Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...

Amazon Web Services

As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology to ensure the speed, stability, and security of your applications.

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...

Amazon Web Services

Building Blockchain Platforms Beyond a Proof of Concept (GPSTEC317) - AWS re:...

Amazon Web Services

Blockchain is a distributed ledger-based technology that enables you to uniquely solve inefficiencies in business networks. However, like any exchange of value, it makes sense only when used by multiple parties. With the myriad of existing protocols and proposed applications, it can be difficult to decide on the right approach to implement a blockchain solution that best fits a given use case. In this talk, we dissect use cases and blockchain architectures built for multi-party consortiums in energy and financial services sectors. Our partners GuildOne and Kaleido highlight the architectural approaches to shared IT and consortium building using Corda and Ethereum protocols.

AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...

Amazon Web Services

Zero trust security is quickly rising as a preferred alternative to traditional security approaches. The key enabling technology underlying the zero trust security approach is next-gen access which combines the critical capabilities of such technologies as identity as a service (IDaaS), enterprise mobility management (EMM), and privileged access management (PAM). In this session, we highlight AWS security best practices in a zero trust security model. Specifically, we explore securing the AWS root account, controlling access to the AWS Management Console, and the AWS Command Line Interface, and managing developer access to Amazon EC2 instances and containerized applications that run on them.

Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018

Amazon Web Services

Amazon Elasticsearch Service has a rich set of security features that give you control over access to data in your domain. Whether you're using Amazon Cognito to integrate with your federated identity provider for a Kibana login, building a VPC application and integrating search, or using IAM for fine-grained access, you need to understand your options so you can keep your data safe. Leave this session with a practical set of tools for security.

Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...

Amazon Web Services

AWSome Day Online Conference 2018 - Module 3

Amazon Web Services

Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...

Amazon Web Services

As with everything in life there is an easy way and a hard way when it comes to adopting security framework recommendations. Featuring the AWS Well-Architected and Cloud Adoption Frameworks, we will walk you through a complete security journey. We'll start with identification of requirements, then move through a series of how-tos from classifying your data, automating controls, to running fun incident response game days. There will be code giveaways and more!

Enabling a Digital Platform with Microservices Architecture (ARC218-S) - AWS ...

Amazon Web Services

Bajaj Finserv Direct Limited (BFDL) serves millions of customers with its comprehensive portfolio and innovative offerings in financing, general insurance, life and health insurance and retirement and savings. BFDL envisioned building a cloud-native digital platform to offer an unmatched experience to its customers. In this session, hear from BDFL how they built a robust digital backbone on AWS with a scalable microservices architecture deployed using Docker containers. The session also focuses on how a scalable microservices-based architecture can be developed using various AWS services. This session is brought to you by AWS partner, Cognizant Technology Solutions US Corp.

Update on AWS China Regions and Technical Best Practices (GCR201) - AWS re:In...

Amazon Web Services

In this session, we provide an update on the AWS China Region, and we discuss the business and technical best practices occurring there. Whether you’re new to the AWS China Region or you have familiarity with it, you will find useful information. For those who are new, learn how to register an AWS China account, complete China’s ICP filing, optimize network performance between China and the globe, and more. For those who already have experience with the AWS China Region, learn about the new services launched there in the past year.

Introduction to Serverless computing and AWS Lambda - Floor28

Boaz Ziniman

Serverless computing allows you to build and run applications without the need for provisioning or managing servers. With Serverless computing, you can build web, mobile, and IoT backends; run stream processing or big data workloads; run chatbots, and more. In this session, we will learn how to get started with Serverless computing using AWS Lambda, which lets you run code without provisioning or managing servers.

Similar to Identity federation with AWS Cognito (20)

Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...

Build a Social News App with Android and AWS (MOB307) - AWS re:Invent 2018

SID305 AWS Certificate Manager Private CA

[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...

How to Implement a Well-Architected Security Solution.pdf

AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...

Secure Your Customers' Data From Day One

Virtual_Insurers_New_Tools_For_A_New_World

AWS Governance at Scale_AWSPSSummit_Singapore

Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...

Building Blockchain Platforms Beyond a Proof of Concept (GPSTEC317) - AWS re:...

AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...

Security in Amazon Elasticsearch Service (ANT392) - AWS re:Invent 2018

Introducing AWS Certificate Manager Private Certificate Authority (CA) - AWS ...

AWSome Day Online Conference 2018 - Module 3

Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...

Enabling a Digital Platform with Microservices Architecture (ARC218-S) - AWS ...

Update on AWS China Regions and Technical Best Practices (GCR201) - AWS re:In...

Introduction to Serverless computing and AWS Lambda - Floor28

More from AWS User Group Bengaluru

Demystifying identity on AWS

AWS User Group Bengaluru

AWS Secrets for Best Practices

AWS User Group Bengaluru

Cloud Security

AWS User Group Bengaluru

Lessons learnt building a Distributed Linked List on S3

AWS User Group Bengaluru

Medlife journey with AWS

AWS User Group Bengaluru

Building Efficient, Scalable and Resilient Front-end logging service with AWS

AWS User Group Bengaluru

Exploring opportunities with communities for a successful career

AWS User Group Bengaluru

Slack's transition away from a single AWS account

AWS User Group Bengaluru

Log analytics with ELK stack

AWS User Group Bengaluru

Serverless Culture

AWS User Group Bengaluru

Refactoring to serverless

AWS User Group Bengaluru

Amazon EC2 Spot Instances Workshop

AWS User Group Bengaluru

Building Efficient, Scalable and Resilient Front-end logging service with AWS

AWS User Group Bengaluru

The number of internet users is increasing rapidly and so is the number of mobile/web applications. Processing and analyzing user activity is one of the techniques to observe/monitor mobile/web apps. Much of this user activity is captured by the mobile app as a structured log. The problem we are trying to solve here is building and operating a processing backend that ingests activity data from millions of devices with availability and SLA guarantees. This talk was presented at AWS Community Day Bengaluru 2019 by Kokilavani Kathiresan, Ravikumar Kota and Shailja Agarwala - Intuit

Medlife's journey with AWS from 0(zero) orders to 6 digit mark

AWS User Group Bengaluru

AWS Secrets for Best Practices

AWS User Group Bengaluru

CFP - AWS Community Day 2019 CFP - AWS Community Day 2019 100% 10 One of the best practices in Cloud solutions is reliability and consistency is using credentials and this session explains on how to Implement this practice using AWS Secrets Manager Screen reader support enabled. One of the best practices in Cloud solutions is reliability and consistency is using credentials and this session explains on how to Implement this practice using AWS Secrets Manager This talk was presented at AWS Community Day Bengaluru 2019 by Vijayanirmala, Devops Solution lead, Sonata software limited

Exploring opportunities with communities for a successful career

AWS User Group Bengaluru

Lessons learnt building a Distributed Linked List on S3

AWS User Group Bengaluru

In the talk I speak about our year long journey of implementing a distributed system that needed to run on scale, and what mistakes we made and how we learnt from them. Talk also touches on a very interesting problem of ordering writes in a distributed environment without any locking. The takeaway for the audience would be around how to approach a problem when they are solving for scale. This talk was presented at AWS Community Day Bengaluru 2019 by Manik Jindal, Computer Scientist, Adobe

Cloud Security

AWS User Group Bengaluru

Amazon EC2 Spot Instances

AWS User Group Bengaluru

Cost Optimization in AWS

AWS User Group Bengaluru

More from AWS User Group Bengaluru (20)

Demystifying identity on AWS

AWS Secrets for Best Practices

Cloud Security

Lessons learnt building a Distributed Linked List on S3

Medlife journey with AWS

Building Efficient, Scalable and Resilient Front-end logging service with AWS

Exploring opportunities with communities for a successful career

Slack's transition away from a single AWS account

Log analytics with ELK stack

Serverless Culture

Refactoring to serverless

Amazon EC2 Spot Instances Workshop

Building Efficient, Scalable and Resilient Front-end logging service with AWS

Medlife's journey with AWS from 0(zero) orders to 6 digit mark

AWS Secrets for Best Practices

Exploring opportunities with communities for a successful career

Lessons learnt building a Distributed Linked List on S3

Cloud Security

Amazon EC2 Spot Instances

Cost Optimization in AWS

Recently uploaded

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Free Complete Python - A step towards Data Science

RinaMondal9

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

みなさんこんにちはこれ何文字まで入るの？40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの？えこ...

名前です男

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

Recently uploaded (20)

Microsoft - Power Platform_G.Aspiotis.pdf

Pushing the limits of ePRTC: 100ns holdover for 100 days

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Introduction to CHERI technology - Cybersecurity

DevOps and Testing slides at DASA Connect

Climate Impact of Software Testing at Nordic Testing Days

Large Language Model (LLM) and it’s Geospatial Applications

20240609 QFM020 Irresponsible AI Reading List May 2024

By Design, not by Accident - Agile Venture Bolzano 2024

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Essentials of Automations: The Art of Triggers and Actions in FME

Securing your Kubernetes cluster_ a step-by-step guide to success !

National Security Agency - NSA mobile device best practices

Free Complete Python - A step towards Data Science

A tale of scale & speed: How the US Navy is enabling software delivery from l...

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Removing Uninteresting Bytes in Software Fuzzing

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

Identity federation with AWS Cognito

3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Objective • To share the knowledge and learnings in the Identity federation with Cognito. • Outlining the challenges and solutions pertaining to Single Sign On, IAM policies and securing the tokens. • Communicating with third party authentication provider and federating it with the help of Cognito identity pool to access the AWS resources in secure way of access to the AWS services.

4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Introduction • We developed a web based front end application, which would connect with AWS Serverless architecture. • We have implemented the application with a custom authentication & Authorization method to communicate with AWS.

6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Business case • Low cost of authentication and authorization. • Interoperability within AWS Services. • Secure communication with IoT Devices. • Managing secure tokens between user sessions. • Serverless application to achieve single-sign-on.

8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Challenges: • Secured way of sharing the temporary credentials to front end. • Time expiry of temporary credentials from Cognito. • Attaching AWS Resource policies to the Authenticated identity. • Connecting MQTT to AWS IoT using temporary credentials based on RBAC.

9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Solutions • Auth0 connectivity with IAM • Adding Auth0 in IAM Identity provider using following params: • Client ID • Client secret • Identity provider URL

10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Solutions (Contd..) • Cognito Identity pool • Create federated identity which should be mapped with following params: • IAM Authenticated role • IAM Unauthenticated role • Identity provider in OpenID

11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Solutions (Contd..) • The session token and security key is passed to the front end using lambda. Using sigv4 and crypto libraries front end will connected to the AWS resources using temporary credentials. • The session token will get expired in a particular time period even the user in active mode. • To avoid that use the auto renewal token to get session token before it gets expired.

Identity federation with AWS Cognito

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Identity federation with AWS Cognito

Similar to Identity federation with AWS Cognito (20)

More from AWS User Group Bengaluru

More from AWS User Group Bengaluru (20)

Recently uploaded

Recently uploaded (20)

Identity federation with AWS Cognito