Announcing: AWS analytics services streamline user access to data, permissions setting, and auditing

2 minute read
Content level: Intermediate

AWS has introduced trusted identity propagation in IAM Identity Center, enhancing user identity management for applications like Tableau by simplifying sign-ins, improving access control, and facilitating audits.

AWS IAM Identity Center now supports trusted identity propagation, simplifying end-user identity management in applications like Tableau. This new capability benefits users, data owners, and auditors by enabling:

- Simplified sign-in: Users get a seamless sign-in experience.
- Access control: Data owners can define access based on real user identities.
- Auditability: Auditors can verify data access by specific users.

Trusted identity propagation allows applications such as Tableau, QuickSight, and Redshift Query Editor to pass user identities and group memberships to services like Amazon Redshift, Athena, S3, and EMR. It improves the sign-in experience, simplifies data access management, and strengthens auditability, building on the OAuth 2.0 and JWT standards.

Key Benefits

- Precise access policies: Downstream service administrators can create access policies based on actual user identities and groups.
- Enhanced audit trails: Auditors see the original user identity in logs, not a shared role.
- User-friendly single sign-on: Users sign in with corporate SSO and do not need to manage AWS IAM roles.

Configuration Overview

1. Identity source configuration: Set up identity sources in AWS IAM Identity Center, often using SCIM for automated provisioning.
2. Application authentication: Configure applications (e.g., Tableau) to authenticate with your identity provider (e.g., Okta).
3. Service connection: Establish connections between applications and downstream services like Amazon Redshift.
4. Trusted token issuers: For custom applications, create trusted token issuers in IAM Identity Center to map authenticated users to IAM identities.
5. Access policies: Configure downstream service access policies based on user identities and group memberships.

End-User Experience

Users benefit from a familiar SSO process. For example, a Tableau user authenticates via Okta, and Tableau uses the resulting access token to connect to Amazon Redshift. IAM Identity Center validates the token, and data access is granted based on the user's identity.
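The following is an added illustration of the trusted-token-issuer flow described in the configuration steps and the Tableau/Okta/Redshift example above; it is not AWS, Tableau or Okta code and does not call any AWS API. Using only the Python standard library, it models what a downstream service conceptually has to do with an identity-provider JWT: verify signature, issuer, audience and expiry against a configured trusted issuer, map a token claim (here `email`) to a user in an identity store, and then make a group-based access decision that is logged against the original user. The issuer URL, client id, users, groups, datasets and HMAC key are all constructed sample values; the demo signs with HS256 for self-containment, whereas production issuers publish RS256 keys via JWKS.

```python
"""Constructed model of trusted-token-issuer validation and identity mapping.

Not AWS code: every identifier below is a made-up sample value.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed trusted-token-issuer configuration (hypothetical issuer and client id).
TRUSTED_ISSUERS = {
    "https://idp.example.com/oauth2/default": {
        "audience": "tableau-client-id-example",
        "identity_claim": "email",            # IdP claim mapped to the identity store
        "hmac_key": b"constructed-test-key",  # demo HS256 secret; real issuers use RS256/JWKS
    }
}

# Constructed identity store: the mapped attribute -> user id and group memberships.
IDENTITY_STORE = {
    "alice@example.com": {"user_id": "user-0001", "groups": ["analysts", "finance"]},
    "bob@example.com": {"user_id": "user-0002", "groups": ["analysts"]},
}

# Constructed downstream access policy: dataset -> groups allowed to read it.
ACCESS_POLICY = {
    "sales_summary": {"analysts"},
    "payroll": {"finance"},
}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(issuer: str, claims: dict, key: Optional[bytes] = None) -> str:
    """Build an HS256 JWT the way the identity provider would (constructed demo signer)."""
    key = key or TRUSTED_ISSUERS[issuer]["hmac_key"]
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"iss": issuer, **claims}).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def validate_and_map(token: str, now: Optional[float] = None) -> dict:
    """Verify the JWT against the trusted-issuer config and map it to a store user.

    Raises PermissionError on any failure; returns the identity-store record.
    """
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError as exc:  # covers bad split, bad base64 and bad JSON
        raise PermissionError("malformed token") from exc

    issuer_cfg = TRUSTED_ISSUERS.get(payload.get("iss"))
    if issuer_cfg is None:
        raise PermissionError("issuer is not a trusted token issuer")
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's choice
        raise PermissionError("unexpected signing algorithm")
    expected = hmac.new(issuer_cfg["hmac_key"], f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise PermissionError("bad signature")
    if payload.get("aud") != issuer_cfg["audience"]:
        raise PermissionError("token not issued for this application")
    if payload.get("exp", 0) <= now:
        raise PermissionError("token expired")

    user = IDENTITY_STORE.get(payload.get(issuer_cfg["identity_claim"]))
    if user is None:
        raise PermissionError("no identity-store user matches the token claim")
    return user


def authorize(token: str, dataset: str, now: Optional[float] = None) -> dict:
    """End-to-end check: validated user identity plus a group-based policy decision."""
    user = validate_and_map(token, now)
    allowed = bool(set(user["groups"]) & ACCESS_POLICY.get(dataset, set()))
    # This record is what makes the audit trail user-specific rather than role-specific.
    return {"user_id": user["user_id"], "dataset": dataset, "allowed": allowed}


def decision(token: str, dataset: str, now: Optional[float] = None) -> str:
    """Compact outcome string: 'allow', 'deny' or 'reject: <reason>'."""
    try:
        return "allow" if authorize(token, dataset, now)["allowed"] else "deny"
    except PermissionError as exc:
        return f"reject: {exc}"


if __name__ == "__main__":
    iss = "https://idp.example.com/oauth2/default"
    tok = mint_token(iss, {"aud": "tableau-client-id-example",
                           "email": "alice@example.com", "exp": 2_000_000_000})
    print(decision(tok, "payroll"))
```

The order of checks matters: the issuer is looked up first so the correct verification key is chosen, the algorithm is pinned before the signature is checked, and only after signature, audience and expiry pass is the claim mapped to a store user. Anything the token says about groups is ignored; group membership comes from the identity store, which is the point of having a trusted issuer rather than trusting arbitrary claims.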

Pricing and Availability

Trusted identity propagation is available at no additional cost in 26 AWS Regions.

Additional Resources

- Simplify workforce identity management
- Integrate Okta with Amazon Redshift
- Simplify access management
- Bring workforce identity to EMR Studio and Athena
- Develop data applications with IAM Identity Center and S3

Trusted identity propagation offers a streamlined, secure, and auditable way to manage user identities across various AWS services and applications.
