ADFS + IAM

Posted on 12-Jun-2015


description

Presentation from AWS User Groups May/June 2014

transcript

FOR ENTERPRISE AWS

ADFS + IAM Single Sign On

Introduction

Cloud Architect and Engineer
Background in Systems Administration
  Large scale E-Commerce systems
  Media scale events
  Helping companies migrate to Cloud Services
  3 Data centre design rebuilds
  4 complete migrations to AWS
OpenSource Enthusiast
  http://dev.squarecows.com
  Yes it pains me to talk about ADFS

Why ADFS?

Business Reasons
  Little entry cost
  Provides your existing business process with the ability to control access to AWS services
  Provides an audit trail (using CloudTrail)

Technical Reasons
  SAML integration (Security Assertion Markup Language)
  Connects with IAM seamlessly
  Uses existing infrastructure
  No need to recreate all your users in IAM and manage them by hand
  Map IAM policies to AD Groups

Active Directory Federation Services

Deeper into ADFS

My Test Setup
  Based on original re:Invent presentation setup
  Single AD server running in AWS
  ADFS 2.0 installed on the AD controller

MS Suggested setup
  HA AD Servers
  Dual ADFS 2.0 stand alone servers
  Load balancer for ADFS

How it all Works

Setting up IAM

Requirements
  AD + ADFS setup
  Downloaded ADFS metadata
  AWS-Prod and AWS-Dev Groups in AD
  A User in these groups

Create Identity Provider on IAM
Create IAM Roles and grant SSO permissions
Setup ADFS Trust and mappings
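
An added example, not part of the original slides: the Python below builds the trust policy an IAM role needs for a SAML identity provider, derives the SAML Role claim values from AD group names such as AWS-Prod and AWS-Dev, and audits a trust policy for the federation checks. The account ID, the provider name ADFS and the ADFS-<suffix> role naming are assumptions made for illustration.

```python
# Assumptions (not from the slides): placeholder account ID, a provider named
# "ADFS", and roles named "ADFS-<suffix>" for AD groups named "AWS-<suffix>".
ACCOUNT_ID = "123456789012"
PROVIDER = "ADFS"
SAML_AUD = "https://signin.aws.amazon.com/saml"

def provider_arn(account=ACCOUNT_ID, name=PROVIDER):
    return f"arn:aws:iam::{account}:saml-provider/{name}"

def trust_policy(account=ACCOUNT_ID, name=PROVIDER):
    """Trust policy for a role that only the SAML provider's users may assume."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn(account, name)},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUD}},
        }],
    }

def role_claims(ad_groups, account=ACCOUNT_ID, name=PROVIDER):
    """Map AD groups 'AWS-<x>' to SAML Role values 'role_arn,provider_arn'."""
    claims = []
    for group in ad_groups:
        if not group.startswith("AWS-"):
            continue  # other AD groups never become AWS roles
        role = f"arn:aws:iam::{account}:role/ADFS-{group[4:]}"
        claims.append(f"{role},{provider_arn(account, name)}")
    return claims

def audit_trust(policy, expected_provider):
    """Return findings for a federated role's trust policy (empty list = OK)."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        fed = principal.get("Federated") if isinstance(principal, dict) else None
        if fed != expected_provider:
            findings.append("principal is not the expected SAML provider")
        if st.get("Action") != "sts:AssumeRoleWithSAML":
            findings.append("action is not sts:AssumeRoleWithSAML")
        aud = st.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != SAML_AUD:
            findings.append("missing or wrong SAML:aud condition")
    return findings
```
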

Identity Access management

Logging In

Sign into ADFS

Pick Your Role

Enjoy AWS

Useful Resources

Original ADFS + IAM guide http://goo.gl/kM4V4Y

AWS IAM Policy Generator http://goo.gl/vpTdBQ

Beyond AWS Services

WorkSpaces https://aws.amazon.com/workspaces/

AD integration

Questions???

Twitter: @ric_harvey

Or via Email: richard.harvey@intechnica.co.uk