Trusted identity propagation across applications - AWS IAM Identity Center

Trusted identity propagation across applications

Trusted identity propagation enables AWS services to do the following:

  • Authorize access to AWS resources based on the user’s identity context.

  • Securely share the user’s identity context with other AWS services.

These capabilities enable user access to be more easily defined, granted, and logged.

With trusted identity propagation, a user can sign in to an application, and that application can pass the user's identity context in requests to access data in AWS services. Because access is managed based on the user's identity, users don't need to use database-local user credentials or assume an IAM role to access data.