Course Introduction
Course Conclusion
Start course

Please note: this course has now been replaced with Using AWS Identity Federation to Simplify Access at Scale, which can be found here.


AWS Identity Federation is the concept of using external authorization sources to permit access to AWS Console and AWS Resources. Identity Federation comes in multiple levels that enable the use of existing directories or SAML to ensure users are accredited and authenticated to access AWS.

Intended audience

  • AWS Administrators
  • Security Engineers
  • Security Architects


  • You should review the Identity and Access Management Course
  • Have an understanding of Enterprise Identity technology such as Active Directory, LDAP; and some Open Identity Providers such as Google, Facebook, Twitter, or Amazon.

Learning Objectives

  • Understand what is Identity Federation as it relates to AWS Console Access.
  • Demonstrate the ability to set up and use Cross-Account Roles
  • Demonstrate the ability to use Simple AD for IAM authorization with Cross Account Roles
  • Understand the concepts of SAML Determine how SAML could be used for AWS Console Authorization

This Course Includes

  • 45 minutes of high-definition video
  • Live demonstration on key course concepts

What You'll Learn

  • Course Intro: What to expect from this course
  • What is Identity Federation?: This lesson defines the purpose and uses of Identity Federation
  • Types of Identity Federation: In this lesson, we’ll discuss the different ways it is used within AWS
  • Identity Federation Demos: In this lesson, we’ll walk through how to setup both Cross Account Roles using IAM User ids and using Simple AD for Authentication with Cross Account Roles
  • Course Conclusion: A wrap-up and review of the course

Now let's review what we just went over on identity federation on AWS. In conclusion, there are several ways to authenticate with AWS. AWS IAM user IDs, AWS cross account roles based on IAM user IDs, directory authentication using Simple AD with or without cross account roles, and SAML-based authentication, and there is web federation that is used to access AWS resources with OpenID, but not to gain access to the AWS console.

But here's a summary chart that can help you remember which services to use for which functions. I'm not gonna bore you with reading this chart, but you may want to save this for later reference. And before I forget, I'd like to remind you to please provide us with your feedback so I can improve this course, and make it more useful to you, and to help you learn what you need to know about Amazon identity federation, and to be more successful with Amazon's web services.



About the Author

Tom an active AWS Consultant creating and deploying AWS solutions for over five years. He has worked on numerous projects that involve everything from small lean startups on a tight budget to massive commercial Enterprises that have large-scale budgets with large-scale requirements that must be met even no matter the cost. Tom has worked for several of our United States government agencies taking the agencies to the cloud by migrating solutions from on-premise data centers to the AWS cloud in a secure solution while reducing their overall cost to operate and maintain the solution.

Personally Tom spends his available time riding his bicycle, sampling a good wine or two, enjoying a good meal and watching Formula One races.