Trusted identity propagation across applications
Trusted identity propagation enables AWS services to do the following:
Authorize access to AWS resources based on the user’s identity context.
Securely share the user’s identity context with other AWS services.
These capabilities enable user access to be more easily defined, granted, and logged.
With trusted identity propagation, a user can sign in to an application, and that application can pass the user's identity context in requests to access data in AWS services. Because access is managed based on a user's identity, users don't need to use local database user credentials or assume an IAM role to access data.