21 Nov Case Study: AWS Identity Federation Integration
Amazon.com Inc. is the world's largest ecommerce company, selling books, DVDs, consumer goods and more online, and it provides a wide range of cloud computing services to enterprises worldwide.
With the release of a new version, AWS Identity and Access Management (IAM) began to support identity federation for delegated access to the AWS Management Console and AWS APIs. External identities (federated users) can now be granted access to resources in an enterprise's AWS account without an IAM user having to be created for each individual.
Enterprises needed to map their corporate users onto IAM at the organizational level, so Akvelon was tasked with letting each enterprise hold and use the IAM account issued to it without ever handing that account's identity or secret keys to end users. We were also asked to make it possible to adjust a federated corporate user's roles and permissions quickly with a simple change at the Active Directory level.
Akvelon was chosen as the sole contractor for this project simply due to the aggressive timeline Akvelon agreed on, and the fact that Akvelon proactively proposed several viable solutions at the stage of initial discussion. Akvelon assumed full responsibility for this end-to-end contract.
The Identity Federation application is an ASP.NET MVC web application hosted on the enterprise's own premises.
Running with the enterprise's long-lived IAM credentials, the application authenticates the corporate user and calls the AWS Security Token Service (STS) to obtain temporary security credentials for that user, with permissions derived from the user's Active Directory membership. AWS then authenticates and authorizes the user on the basis of those temporary credentials, so the enterprise's permanent keys never leave the server.
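The flow described above, as an added illustrative example (this is not the code Akvelon delivered or Amazon published). It assumes the AWS SDK for .NET (AWSSDK.SecurityToken), a proxy running under Windows authentication whose process picks up the enterprise's long-lived IAM user credentials from the SDK credential chain, and a hypothetical mapping from Active Directory group names to scoped-down IAM policies. The temporary credentials returned by STS are what the browser ends up using, via the documented console federation endpoint; the permanent keys are only ever read on the server.

```csharp
// Illustrative federation proxy (added example, not the shipped product).
// Assumes AWSSDK.SecurityToken and that the server process holds the
// enterprise's long-lived IAM credentials (SDK credential chain).
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

public static class FederationProxy
{
    // Hypothetical AD group -> inline IAM policy mapping. Moving a user between
    // AD groups changes what their temporary credentials are allowed to do.
    static readonly Dictionary<string, string> GroupPolicies = new Dictionary<string, string>
    {
        ["AWS-S3-ReadOnly"] =
            @"{""Version"":""2012-10-17"",""Statement"":[{""Effect"":""Allow"",""Action"":[""s3:Get*"",""s3:List*""],""Resource"":""*""}]}",
        ["AWS-EC2-Operators"] =
            @"{""Version"":""2012-10-17"",""Statement"":[{""Effect"":""Allow"",""Action"":[""ec2:Describe*"",""ec2:StartInstances"",""ec2:StopInstances""],""Resource"":""*""}]}",
    };

    // First mapped group wins; a user in no mapped group gets no policy at all.
    public static string PolicyFor(IEnumerable<string> adGroups)
    {
        var group = adGroups.FirstOrDefault(GroupPolicies.ContainsKey);
        return group == null ? null : GroupPolicies[group];
    }

    // Step 1: exchange the server's permanent IAM credentials for short-lived ones.
    // The Policy parameter intersects with the calling IAM user's own permissions,
    // so the federated user can never exceed what the enterprise account allows.
    public static async Task<Credentials> GetTemporaryCredentialsAsync(string userName, IEnumerable<string> adGroups)
    {
        var policy = PolicyFor(adGroups);
        if (policy == null)
            throw new UnauthorizedAccessException("User is in no AD group mapped to AWS access.");

        using (var sts = new AmazonSecurityTokenServiceClient())
        {
            var response = await sts.GetFederationTokenAsync(new GetFederationTokenRequest
            {
                Name = SanitizeName(userName), // shows up in CloudTrail as the federated user
                Policy = policy,
                DurationSeconds = 3600,        // keep sessions short; the AD check is per sign-in
            });
            return response.Credentials;
        }
    }

    // Step 2: turn the temporary credentials into a console sign-in URL using the
    // AWS federation endpoint (getSigninToken, then login). Only the temporary
    // credentials are ever sent here, never the server's permanent keys.
    public static async Task<string> BuildConsoleUrlAsync(Credentials creds, string issuerUrl, string destination)
    {
        var session = "{\"sessionId\":\"" + creds.AccessKeyId
                    + "\",\"sessionKey\":\"" + creds.SecretAccessKey
                    + "\",\"sessionToken\":\"" + creds.SessionToken + "\"}";
        var tokenUrl = "https://signin.aws.amazon.com/federation?Action=getSigninToken&Session="
                     + Uri.EscapeDataString(session);
        using (var http = new HttpClient())
        {
            var json = await http.GetStringAsync(tokenUrl); // {"SigninToken":"..."}
            const string key = "\"SigninToken\":\"";
            var start = json.IndexOf(key, StringComparison.Ordinal) + key.Length;
            var end = json.IndexOf('"', start);
            var token = json.Substring(start, end - start);
            return "https://signin.aws.amazon.com/federation?Action=login"
                 + "&Issuer=" + Uri.EscapeDataString(issuerUrl)
                 + "&Destination=" + Uri.EscapeDataString(destination)
                 + "&SigninToken=" + token;
        }
    }

    // GetFederationToken names must match [\w+=,.@-] and be 2..32 chars;
    // a DOMAIN\user principal from Windows auth has to be normalized first.
    static string SanitizeName(string userName)
    {
        var cleaned = new string(userName.Replace('\\', '.')
            .Where(c => char.IsLetterOrDigit(c) || "+=,.@-_".IndexOf(c) >= 0).ToArray());
        return cleaned.Length > 32 ? cleaned.Substring(0, 32) : cleaned;
    }
}
```

In an MVC controller the two steps run back to back: read the Windows-authenticated principal and its AD groups, call GetTemporaryCredentialsAsync, then redirect the browser to the URL from BuildConsoleUrlAsync. Revoking a user is a matter of removing them from the mapped AD group; existing sessions expire at DurationSeconds, so that value is the upper bound on how long a removed user retains access.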
The application shipped with a Windows Installer package for rapid enterprise deployment. Amazon decided to release it as open source, so the IT department of each enterprise could adapt the federation process if it chose to, or simply use the application as delivered. The final deliverable was published by Amazon.
Benefits and Results
Akvelon created an application that fully satisfied the client's needs: enterprises could put it to use immediately and easily, and it helped Amazon ease adoption of AWS Identity and Access Management. It also improved the security of the secret keys Amazon issues to corporate clients, since those keys no longer had to be shared with corporate domain users.