- DynamoDB - Best Practices
- DynamoDB - Error Handling
- DynamoDB - Table Activity
- DynamoDB - MapReduce
- DynamoDB - CloudTrail
- DynamoDB - Monitoring
- DynamoDB - Data Backup
- DynamoDB - Data Pipeline
- Web Identity Federation
- DynamoDB - Conditions
- DynamoDB - Permissions API
- DynamoDB - Access Control
- DynamoDB - Aggregation
- Local Secondary Indexes
- Global Secondary Indexes
- DynamoDB - Indexes
- DynamoDB - Scan
- DynamoDB - Querying
- DynamoDB - Batch Retrieve
- DynamoDB - Batch Writing
- DynamoDB - Delete Items
- DynamoDB - Update Items
- DynamoDB - Getting Items
- DynamoDB - Creating Items
- DynamoDB - API Interface
- DynamoDB - Delete Table
- DynamoDB - Query Table
- DynamoDB - Load Table
- DynamoDB - Create Table
- DynamoDB - Data Types
- DynamoDB - Operations Tools
- DynamoDB - Environment
- DynamoDB - Basic Concepts
- DynamoDB - Overview
- DynamoDB - Home
DynamoDB Useful Resources
Selected Reading
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
选读
DynamoDB - Web Identity Federation
Web Identity Federation allows you to simppfy authentication and authorization for large user groups. You can skip the creation of inspanidual accounts, and require users to login to an identity provider to get temporary credentials or tokens. It uses AWS Security Token Service (STS) to manage credentials. Apppcations use these tokens to interact with services.
Web Identity Federation also supports other identity providers such as – Amazon, Google, and Facebook.
Function − In use, Web Identity Federation first calls an identity provider for user and app authentication, and the provider returns a token. This results in the app calpng AWS STS and passing the token for input. STS authorizes the app and grants it temporary access credentials, which allow the app to use an IAM role and access resources based on popcy.
Implementing Web Identity Federation
You must perform the following three steps prior to use −
Use a supported third party identity provider to register as a developer.
Register your apppcation with the provider to obtain an app ID.
Create a single or multiple IAM roles, including popcy attachment. You must use a role per provider per app.
Assume one of your IAM roles to use Web Identity Federation. Your app must then perform a three-step process −
Authentication
Credential acquisition
Resource Access
In the first step, your app uses its own interface to call the provider and then manages the token process.
Then step two manages tokens and requires your app to send an AssumeRoleWithWebIdentity request to AWS STS. The request holds the first token, the provider app ID, and the ARN of the IAM role. The STS the provides credentials set to expire after a certain period.
In the final step, your app receives a response from STS containing access information for DynamoDB resources. It consists of access credentials, expiration time, role, and role ID.
Advertisements