Federated Identity
- Map users from an external identity provider (e.g. Microsoft Active Directory fronted by a SAML or OIDC IdP) to IAM roles in AWS; the federated user assumes a role and receives temporary credentials instead of getting a long-lived IAM user
- Supported federation standards: SAML 2.0 (enterprise IdPs) and OpenID Connect (OIDC) for web, mobile and workload identities
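The association between an external identity and a role is expressed in the role's trust policy. The following is an added example, not part of the original notes: it builds a SAML 2.0 trust policy and an OIDC trust policy, then checks either for the common mistake of trusting the provider without pinning the audience and subject claims. The account ID, provider names and the repository subject in the usage are placeholders.

```python
"""Build and sanity-check IAM role trust policies for SAML 2.0 and OIDC
federation.  Added example, not from the original notes.  The account ID,
provider names and the repository subject in the usage are placeholders."""
import json

# Fixed audience value AWS expects in the SAML:aud condition key.
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def saml_trust_policy(account_id: str, provider_name: str) -> dict:
    """Trust policy letting identities from one SAML provider assume the role.
    SAML:aud rejects assertions that were not issued for AWS sign-in."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
        }],
    }


def oidc_trust_policy(account_id: str, provider_host: str, audience: str, subject: str) -> dict:
    """Trust policy for an OIDC provider.  Both aud and sub are pinned: with aud
    alone, any identity that provider issues tokens for could assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{provider_host}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{provider_host}:aud": audience},
                "StringLike": {f"{provider_host}:sub": subject},
            },
        }],
    }


def trust_policy_findings(policy: dict) -> list:
    """Return human-readable findings for federation statements that trust too broadly."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and "*" in principal.values()):
            findings.append(f"statement {i}: wildcard principal")
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        condition = stmt.get("Condition", {})
        keys = {k for block in condition.values() for k in block}
        if "sts:AssumeRoleWithSAML" in actions and "SAML:aud" not in keys:
            findings.append(f"statement {i}: SAML trust without SAML:aud condition")
        if "sts:AssumeRoleWithWebIdentity" in actions:
            if not any(k.endswith(":aud") for k in keys):
                findings.append(f"statement {i}: OIDC trust without aud condition")
            if not any(k.endswith(":sub") for k in keys):
                findings.append(f"statement {i}: OIDC trust without sub condition "
                                "(any subject from the provider can assume)")
            for block in condition.values():
                for key, value in block.items():
                    if key.endswith(":sub") and value in ("*", "repo:*"):
                        findings.append(f"statement {i}: sub pattern {value!r} matches every subject")
    return findings


if __name__ == "__main__":
    policy = oidc_trust_policy("123456789012", "token.actions.githubusercontent.com",
                               "sts.amazonaws.com", "repo:example-org/example-repo:ref:refs/heads/main")
    print(json.dumps(policy, indent=2))
    print(trust_policy_findings(policy) or "no findings")
```

The checker is deliberately conservative: it only flags the absence of an aud or sub condition and the two catch-all sub patterns, so a narrow-but-wrong subject (the right organisation, the wrong branch) still has to be reviewed by hand.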
AWS Security Token Service (STS)
- Issues temporary security credentials (access key ID, secret access key, session token) to trusted users and workloads via AssumeRole, AssumeRoleWithSAML and AssumeRoleWithWebIdentity (plus GetSessionToken for IAM users)
- Temporary credentials always expire; the lifetime is chosen per request (DurationSeconds, 15 minutes minimum) and capped by the role's maximum session duration (1 to 12 hours), so callers must plan to refresh before expiry
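Because the credentials expire, calling code needs to clamp the requested duration to what the role allows and re-assume the role before the old session runs out. The following is an added example, not from the original notes: it keeps the STS call injectable so the refresh logic can be exercised with a stub, and shows the real boto3 AssumeRole call as an adapter. The role ARN and session name are placeholders.

```python
"""Obtain, hold and refresh STS temporary credentials.  Added example, not
from the original notes.  The role ARN and session name are placeholders; any
stub STS response used with RefreshingRoleSession is constructed by hand."""
from datetime import datetime, timezone
from typing import Callable, Optional

MIN_DURATION = 900         # smallest DurationSeconds AssumeRole accepts (15 minutes)
MAX_DURATION = 12 * 3600   # largest MaxSessionDuration a role can be configured with


def clamp_duration(requested: int, role_max_session: int = 3600) -> int:
    """STS rejects requests below 15 minutes or above the role's
    MaxSessionDuration (default 1 hour), so clamp before calling."""
    return max(MIN_DURATION, min(requested, role_max_session, MAX_DURATION))


class TemporaryCredentials:
    """One set of STS credentials plus the expiry STS attached to them."""

    def __init__(self, access_key_id: str, secret_access_key: str,
                 session_token: str, expiration: datetime):
        self.access_key_id = access_key_id
        self.secret_access_key = secret_access_key
        self.session_token = session_token
        # STS returns an aware datetime; treat a naive one as UTC.
        if expiration.tzinfo is None:
            expiration = expiration.replace(tzinfo=timezone.utc)
        self.expiration = expiration

    @classmethod
    def from_sts_response(cls, response: dict) -> "TemporaryCredentials":
        c = response["Credentials"]
        return cls(c["AccessKeyId"], c["SecretAccessKey"], c["SessionToken"], c["Expiration"])

    def seconds_remaining(self, now: Optional[datetime] = None) -> float:
        now = now or datetime.now(timezone.utc)
        return (self.expiration - now).total_seconds()

    def needs_refresh(self, now: Optional[datetime] = None, margin_seconds: int = 300) -> bool:
        """Refresh a little before expiry so in-flight requests do not fail."""
        return self.seconds_remaining(now) <= margin_seconds


class RefreshingRoleSession:
    """Hands out credentials and re-assumes the role before they expire.
    assume_role is a callable taking DurationSeconds and returning the STS
    response; it is injected so the logic runs against boto3 or a stub."""

    def __init__(self, assume_role: Callable[[int], dict], duration: int,
                 role_max_session: int = 3600, margin_seconds: int = 300):
        self._assume_role = assume_role
        self.duration = clamp_duration(duration, role_max_session)
        self.margin_seconds = margin_seconds
        self._creds: Optional[TemporaryCredentials] = None
        self.refresh_count = 0

    def credentials(self, now: Optional[datetime] = None) -> TemporaryCredentials:
        if self._creds is None or self._creds.needs_refresh(now, self.margin_seconds):
            self._creds = TemporaryCredentials.from_sts_response(self._assume_role(self.duration))
            self.refresh_count += 1
        return self._creds


def boto3_assume_role(role_arn: str, session_name: str) -> Callable[[int], dict]:
    """Adapter around the real STS AssumeRole API (needs boto3 and caller credentials)."""
    import boto3  # imported here so the rest of the module runs without it
    sts = boto3.client("sts")
    return lambda duration: sts.assume_role(
        RoleArn=role_arn, RoleSessionName=session_name, DurationSeconds=duration)


if __name__ == "__main__":
    session = RefreshingRoleSession(
        boto3_assume_role("arn:aws:iam::123456789012:role/example-role", "example-session"),
        duration=7200, role_max_session=3600)
    creds = session.credentials()
    print("key", creds.access_key_id, "expires in", int(creds.seconds_remaining()), "s")
```

Note that a request for 7200 seconds against a role whose maximum session is the default 3600 is silently clamped here; without the clamp STS would reject the call. The 5-minute refresh margin is a judgement call, not an AWS requirement.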
Best Practices
- Use single sign-on (AWS IAM Identity Center, formerly AWS SSO) for centralized identity management instead of per-account IAM users
- Follow the principle of least privilege: grant only the actions a role needs, scoped by resource and condition keys
- Monitor and audit access with CloudTrail (records every API call, including console sign-ins and role assumptions) and CloudWatch (alarms on those events)
- Enforce MFA and a strong password policy for the root account and any remaining IAM users
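The monitoring and MFA points above are only useful if something actually reads the CloudTrail records. The following is an added example, not part of the original notes: a small audit over constructed CloudTrail-style records that flags console sign-ins without MFA, failed sign-ins and any root-account activity. The records are hand-written in CloudTrail's field layout (userIdentity.type, additionalEventData.MFAUsed, responseElements.ConsoleLogin); the user names and IP addresses are made up.

```python
"""Audit CloudTrail records for the conditions the practices above target:
console sign-ins without MFA, failed sign-ins and root-account activity.
Added example, not from the original notes.  SAMPLE_EVENTS is hand-written
in CloudTrail's field layout, not real log data."""

# Constructed records, trimmed to the fields the audit reads.
SAMPLE_EVENTS = [
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}, "sourceIPAddress": "203.0.113.10"},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}, "sourceIPAddress": "203.0.113.11"},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}, "sourceIPAddress": "198.51.100.5"},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Failure"}, "sourceIPAddress": "198.51.100.7"},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/example-role/example-session"},
     "sourceIPAddress": "203.0.113.10"},
]


def audit_event(event: dict) -> list:
    """Return (kind, detail) findings for one CloudTrail record."""
    identity = event.get("userIdentity", {})
    who = identity.get("userName") or identity.get("arn") or identity.get("type")
    source = event.get("sourceIPAddress")
    findings = []
    # Root should not be used for day-to-day work, whatever the event is.
    if identity.get("type") == "Root":
        findings.append(("root_activity", f"root account used for {event.get('eventName')} from {source}"))
    if event.get("eventName") == "ConsoleLogin":
        outcome = event.get("responseElements", {}).get("ConsoleLogin")
        if outcome == "Failure":
            findings.append(("login_failure", f"failed console login for {who} from {source}"))
        # MFAUsed is "Yes" or "No" on ConsoleLogin records; treat anything else as not used.
        elif event.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            findings.append(("login_without_mfa", f"console login without MFA by {who} from {source}"))
    return findings


def audit_events(events) -> list:
    """Flatten findings across a batch of records (e.g. one CloudTrail log file)."""
    return [finding for event in events for finding in audit_event(event)]


def count_by_kind(findings) -> dict:
    counts = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, detail in audit_events(SAMPLE_EVENTS):
        print(f"{kind:18} {detail}")
```

In production the same logic would run over CloudTrail log files delivered to S3, or be expressed as a CloudWatch Logs metric filter on the same fields so that an alarm fires on root activity or non-MFA sign-ins.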