Identity management - AWS Prescriptive Guidance

Identity management

To operate securely in the cloud, your starting point is to determine who can access what in your environment. This section of the guide provides recommendations on how you can implement a scalable, robust, and centralized identity and access management solution on AWS.

AWS identity management solutions give you the option to design a centralized identity and access management system, a delegated identity and access management system, or a combination of both, while maintaining strict adherence to security standards. Meeting these requirements means ensuring that the right identities can access the right resources under the right conditions. These identities can be humans within your organization (workforce identities), applications or services within and outside AWS (machine identities), or your customers who want to sign in to your applications in ways that are convenient for them (customer identities).

Identity is now considered the primary security perimeter. This means that getting identity management right can significantly improve your cloud security posture by eliminating unauthorized access, preventing the accidental or intentional introduction of malicious code into systems, and ensuring secure, efficient, and compliant operations.

AWS provides fault-tolerant and highly available identity services that can help you meet your identity management requirements. These services include AWS IAM Identity Center and AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) to centrally manage workforce access to multiple AWS accounts and applications, IAM roles and IAM Roles Anywhere for secure machine-to-machine communications, and Amazon Cognito to implement secure and frictionless customer identity and access management for your web and mobile applications.
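As an added example (not from this guide), the "right identities, right resources, right conditions" rule expressed as an IAM role trust policy for a machine identity: only one named role may assume it, and only while that role's account still belongs to your organization. The account ID, role name, and organization ID are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowOneWorkloadRoleFromWithinTheOrganization",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/example-workload-role"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalOrgID": "o-exampleorgid"
        }
      }
    }
  ]
}
```

The `aws:PrincipalOrgID` condition is the "right condition" part: if account 111122223333 ever leaves the organization, the trust stops working even though the principal ARN is unchanged.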

The following sections provide detailed information about managing the different identity types and recommendations for implementing AWS identity services, so that your identity management can scale as your environment grows.