GSuite SSO AWS - AWS Meetup POA

Transcript

1. Acesso na AWS através do GSuite

2. Hi! Filipe Oliveira API Developer at Warren Brasil @oliveirafilipe 2

3. 1. The Challenge

4. 4

5. 2. SAML 2.0

6. SAML 2.0 ⬡ Security Assertion Markup Language ⬡ Is a

   Standard ⬡ No need to remember and renew passwords, no weak passwords ⬡ Allow Single Sign-On 6

7. Types of SAML Providers 7 Service Provider Identity Provider

8. 8

9. 3. Setting

10. GSuite 10

11. GSuite Creating Custom Attribute 11

12. GSuite 12

13. GSuite 13

14. GSuite 14

15. GSuite 15

16. GSuite 16

17. GSuite 17

18. GSuite 18

19. GSuite 19 ⬡ ACS URL: https://signin.aws.amazon.com/saml ⬡ Entity ID: urn:amazon:webservices

20. GSuite 20

21. GSuite 21 ⬡ ∙ https://aws.amazon.com/SAML/Attributes/RoleSessionName ∙ Basic Information ∙ Primary

    Email ⬡ ∙ https://aws.amazon.com/SAML/Attributes/Role ∙ AWS SAML ∙ IAM_ROLE ⬡ ∙ https://aws.amazon.com/SAML/Attributes/SessionDuration ∙ AWS SAML ∙ SessionDuration

22. AWS 22

23. AWS 23

24. AWS 24

25. AWS 25

26. GSuite 26

27. GSuite 27

28. GSuite 28

29. GSuite 29 ⬡ IAM_ROLE ∙ ROLE_ARN,IDENTITY_PROVIDER_ARN

30. 4. Final Result

31. 31

32. 32

33. 5. My Impressions

34. My Impressions 34 ⬡ Easy way to Give Access To

    Collaborators ⬡ 10 minutes Configuration ⬡ Unique Login ⬡ Can't Use AWS IAM Groups ∙ You need to use Roles ⬡ Hard Configuration per User ⬡ It’s not possible to automatically assign role attribute to user based on group ∙ Couldn't find any easy way to apply bulk changes ⬡ Based On: https://medium.com/faun/how-to-configure-google-saml-for-aws-account-5eb89e2d3008

35. 35 Thanks! Any questions? You can find me at: @oliveirafilipe

    linkedin.com/in/oliveirafilipe/ ooliveirafi[email protected]