Is it possible to use IAM and Secure Token Service as the authentication solution for an application?

Question

The reasons for considering this are:
* The number of authenticated users is low, and leveraging the roles and permissions model in AWS would be useful.
* Unifies the audit processes
* Allows users of our application to also access AWS features like dashboards, logging etc.

I think it may be possible with API Gateway, but I couldn't see something in the docs that would pass a username or a verification result through the HTTP headers.

Answer

It looks like [Cognito Identity Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html) is what you are looking for.  This lets you map IAM roles to identities.  For defining the actual user, password, etc to define the identity you will use with Identity Pools, you can use  [Amazon Cognito user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html), but you do not have to.   [Cognito Identity Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html) will also work with [user IDs defined on Facebook, Google, etc.](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html)

Answer

I think what you are looking for is [AWS Single Sign-On](https://aws.amazon.com/single-sign-on/).

Another option would be [Amazon Cognito](https://aws.amazon.com/cognito/).

Is it possible to use IAM and Secure Token Service as the authentication solution for an application?

관련 콘텐츠