Welcome to DJ's Junk Drawer.

I will unofficially update this website on random dates within any random time interval.

Friday, January 20, 2012

Amazon brings single sign-on to AWS management

Amazon has made it easier for authorized business users to manage their Amazon Web Services infrastructure after signing on — once — to their corporate network.


This is the latest in a steady drip, drip, drip of functionality that Amazon adds to its services over time. This week, for example, Amazon announced free Windows “micro” instances for its EC2 Elastic Compute Cloud service on Sunday, and three days later announced the addition of the DynamoDB NoSQL database to its roster.


In this case, the aim is to make it easier for authorized users to maintain and tweak their Amazon-based services. Once the user is identified and authenticated by whoever manages the AWS account, he or she can sign onto the corporate network using existing credentials, then navigate to the AWS Management Console without re-entering a password, according to an AWS blog post published late Thursday. Before, users had to sign into the AWS Management Console separately.


When that user requests entry into the management console, the identity broker “validates that user’s access rights and provides temporary security credentials which includes the user’s permissions to access AWS. The page includes these temporary security credentials as part of the sign-in request to AWS,” according to the blog.


This all requires up-front work. The person in charge of a company’s AWS account must set up the user’s identity and federate it to the appropriate services. When the user signs into the corporate network, the identity broker calls Amazon’s Security Token Service (STS) to request temporary security credentials. Until now, those credentials gave specified users access to Amazon services for a set period of time (up to 36 hours). Now those same credentials will be good for the AWS Management Console as well.
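The broker side of the flow described above, as an added example that is not code from the article or from AWS: it scopes the user's permissions, caps the credential lifetime at 36 hours, and builds the two requests to the AWS federation sign-in endpoint. The group-to-action mapping, the function names, the console-host check and the sample credentials are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode, urlparse

FEDERATION_ENDPOINT = "https://signin.aws.amazon.com/federation"
MAX_DURATION = 36 * 3600  # the 36-hour ceiling the article mentions
MIN_DURATION = 900        # STS lower bound for GetFederationToken

# Hypothetical mapping from corporate directory groups to allowed AWS actions.
GROUP_ACTIONS = {
    "storage-admins": ["s3:*"],
    "ec2-operators": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"],
}

# Constructed sample of what STS would return; not real credentials.
SAMPLE_CREDS = {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "constructed-secret",
                "SessionToken": "constructed-session-token"}

def session_policy(groups):
    """Least-privilege policy for the user's groups; unknown groups grant nothing."""
    actions = sorted({a for g in groups for a in GROUP_ACTIONS.get(g, [])})
    if not actions:
        raise PermissionError("no AWS access rights for this user")
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}]}

def federation_token_params(user, groups, requested_seconds):
    """Parameters the broker would send to STS GetFederationToken."""
    duration = max(MIN_DURATION, min(requested_seconds, MAX_DURATION))
    return {"Name": user[:32], "DurationSeconds": duration,
            "Policy": json.dumps(session_policy(groups))}

def signin_token_url(creds):
    """Step 1: exchange the temporary credentials for a console sign-in token."""
    session = json.dumps({"sessionId": creds["AccessKeyId"],
                          "sessionKey": creds["SecretAccessKey"],
                          "sessionToken": creds["SessionToken"]})
    return FEDERATION_ENDPOINT + "?" + urlencode({"Action": "getSigninToken", "Session": session})

def console_login_url(signin_token, issuer, destination="https://console.aws.amazon.com/"):
    """Step 2: the URL the intranet page sends the browser to."""
    if urlparse(destination).hostname != "console.aws.amazon.com":
        raise ValueError("destination must be the AWS console")  # assumed broker-side check
    return FEDERATION_ENDPOINT + "?" + urlencode({"Action": "login", "Issuer": issuer,
                                                  "Destination": destination, "SigninToken": signin_token})
```

The step 1 URL carries the temporary secret key and session token, so the broker should request it server-side over HTTPS and keep it out of access logs and browser history.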


The bulk of Amazon services — including Amazon EC2, Amazon S3, VPC, ElastiCache — support that identity federation to the management console. The company is working to add the new Amazon DynamoDB NoSQL database service to that list, said Amazon Web Services Evangelist Jeff Barr in the post.


As Microsoft beefs up its Azure cloud offering with expected Infrastructure-as-a-Service capabilities, and more OpenStack-based IaaS offerings come online, the competition to provide cloud services will only heat up.


Feature photo courtesy of Flickr user Will Merydith
