{"id":2218,"date":"2019-08-22T10:42:23","date_gmt":"2019-08-22T10:42:23","guid":{"rendered":"https:\/\/www.testpreptraining.com\/tutorial\/?page_id=2218"},"modified":"2020-05-02T07:42:13","modified_gmt":"2020-05-02T07:42:13","slug":"delegation-federation","status":"publish","type":"page","link":"https:\/\/www.testpreptraining.ai\/tutorial\/aws-devops-engineer\/delegation-federation\/","title":{"rendered":"Delegation &#038; Federation"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Delegation &#8211; using your own IdP (IAM), allow users in other AWS accounts to access resources in your account.<\/li><li>Federation &#8211; allow users from an external IdP to access resources.<\/li><\/ul>\n\n\n\n<p><strong>Types of Federation<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Corporate\/Enterprise Identity Federation (LDAP, AD, SAML, AWS Directory Service)<\/li><li>Web Identity Federation (Amazon, Facebook, Google, Twitter, OpenID Connect) &#8211; allows an app to obtain access to AWS resources.<\/li><li>ROLES: an object which contains 2 policy documents: the TRUST policy (who is allowed to assume the role &#8211; principal ARN) and the ACCESS policy (what the entity is allowed to do &#8211; Action).<\/li><li>SESSIONS: a set of temporary credentials (access key and secret key with an expiration) obtained from STS.<\/li><li>Service Delegation &#8211; for EC2 or Lambda, the service automatically refreshes the session, and with it the temporary credentials, on the caller&#8217;s behalf.<\/li><\/ul>\n\n\n\n<p>Console Multi-Account Access:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Login to Prod account -&gt; authenticate with access keys -&gt; STS service -&gt; sts:AssumeRole -&gt; temporary credentials -&gt; Dev account<\/li><li>Login to Dev account -&gt; Create IAM role -&gt; TrustProductionUsersFullAdmin -&gt; role for cross-account access -&gt; between AWS accounts -&gt; Prod account AWS Account ID -&gt; Attach Policy -&gt; Create Role<\/li><li>Login to Prod account -&gt; Switch Role -&gt; Account Name, Role, Display Name, Color<\/li><\/ul>\n\n\n\n<p>Delegate Access Across AWS Accounts Using IAM Roles<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Share resources in one account with users in a different account.<\/li><li>With cross-account access, you don&#8217;t need to create individual IAM users in each account.<\/li><li>Users don&#8217;t have to sign out of one account and sign into another to access resources in different AWS accounts.<\/li><\/ul>\n\n\n\n<p>This workflow has three basic steps.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"265\" src=\"https:\/\/www.testpreptraining.ai\/tutorial\/wp-content\/uploads\/2019\/08\/image-183.png\" alt=\"\" class=\"wp-image-2310\"\/><\/figure>\n\n\n\n<p>Step 1 &#8211; Create a Role<\/p>\n\n\n\n<p>Step 2 &#8211; Grant Access to the Role<\/p>\n\n\n\n<p>Step 3 &#8211; Test Access by Switching Roles<\/p>\n\n\n\n<p><strong>Federation<\/strong><\/p>\n\n\n\n<p>The creation of a trust relationship between an external identity provider and AWS. Users can sign in to a web identity provider, such as <strong>Login with Amazon<\/strong>, <strong>Facebook<\/strong>, <strong>Google<\/strong>, or any IdP that is compatible with <strong>OpenID Connect<\/strong> (OIDC). Users can also sign in to an enterprise identity system that is compatible with Security Assertion Markup Language (SAML) 2.0, such as Microsoft Active Directory Federation Services. When you use OIDC or SAML 2.0 to configure a trust relationship between these external identity providers and AWS, the user is assigned to an IAM role and receives temporary credentials that allow access to AWS resources.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Identity Federation &#8211; Own IdP &#8211; IAM, allow users in other AWS accounts access to resources &#8211; Delegation, allows users from external IdP &#8211; Federation. Types of Federation Corporate\/Enterprise Identity Federation (LDAP,AD,SAML,AWS Directory Service) Web Identity Federation (Amazon, Facebook, Google, Twitter, OpenID Connect) allow app or access to AWS resources. 
ROLES: object which contains 2&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":2084,"menu_order":35,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"categories":[],"tags":[408,372,380],"class_list":["post-2218","page","type-page","status-publish","hentry","tag-delegation-federation","tag-devops","tag-devops-engineer"],"acf":[]}