Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Managing Identities at Scale in the Cloud

Sébastien Stormacq - AWS Developer Advocate
September 17, 2019
Technology
1
82

Managing Identities at Scale in the Cloud

Managing identities and authorisations is a core requirement for all apps. Modern applications are required to securely manage hundreds of thousands or millions of identities.

In this talk, you will learn how you can leverage fully managed, serverless services in the cloud to securely manage your user pools. During this talk, we will address common challenges of identity management and identity federation and show how cloud-based solutions can simplify and secure your applications.

Sébastien Stormacq - AWS Developer Advocate

September 17, 2019
Tweet

More Decks by Sébastien Stormacq - AWS Developer Advocate

See All by Sébastien Stormacq - AWS Developer Advocate
Offline storage & automatic data synchronization for your web and mobile applications
sebsto
0
84
Getting Started on AWS
sebsto
0
150
OAuth Démystifié
sebsto
0
83
Deployment pipelines for your iOS / tvOS apps with Amazon EC2 Mac Instances
sebsto
0
1.7k
Server Side Serverless in Swift
sebsto
0
63
Resiliency and Availability Design Patterns for the Cloud
sebsto
1
180
Amazon TimeStream 101
sebsto
0
35
Build conversational interfaces for your customers
sebsto
0
68
Amplify your web and mobile apps development. Full stack, cloud-powered.
sebsto
0
120

Other Decks in Technology

See All in Technology
0→1開発における技術選定において一番大切なこと
bicstone
1
310
Data and AI Governance: Existing Challenges and Emerging Trends
scotthsieh825
0
140
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
inesmontani
PRO
1
630
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
0
100
"好き"との生活/Regularly update profile with GitHub Actions
judeeeee
0
140
【SORACOM UG】SIM Deep Dive セキュアエレメント編
soracom
PRO
0
220
エンタープライズ環境下での Active Directory の運用 TIPS
tamaiyutaro
1
1.4k
キャラクター制御のためのプロンプト術 for LINE Bot
uezo
0
500
CloudFrontの継続的デプロイを試してみたはなし
stknohg
PRO
0
620
「ふりかえりのふりかえり」をふりかえり、実のあるふりかえりにする
naitosatoshi
0
210
[2024年3月版] Databricksのシステムアーキテクチャ
databricksjapan
7
1.9k
シン・Kafka / shin-kafka
oracle4engineer
PRO
6
2.7k

Featured

See All Featured
KATA
mclloyd
14
12k
The Cult of Friendly URLs
andyhume
73
5.7k
Happy Clients
brianwarren
91
6.4k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
Raft: Consensus for Rubyists
vanstee
130
6.2k
Navigating Team Friction
lara
177
13k
Infographics Made Easy
chrislema
237
18k
A Modern Web Designer's Workflow
chriscoyier
689
190k
Building Flexible Design Systems
yeseniaperezcruz
318
37k
Done Done
chrislema
178
15k
Building Your Own Lightsaber
phodgson
97
5.7k
Visualization
eitanlees
135
14k

Transcript

  1. Identity Management at scale in the ☁ Sébastien Stormacq |

    @sebsto Technical Evangelist, AWS EMEA

  2. Congrats ! Your app launched

  3. None

  4. userid firstname lastmail email password sebsto Sébastien Stormacq [email protected] FA34BD7543E…

    natalia Natalia Arbelaez [email protected] AA6FC2984AB…

  5. From 50 to 50.000.000 users

  6. http://blog.interactiveschools.com/blog/50-million-users-how-long-does-it-take-tech-to-reach-this-milestone

  7. What possibly can go wrong ? +,

  8. None
  9. None
  10. None
  11. None

  12. [email protected]

  13. None
  14. None

  15. Developers build features

  16. Amazon Cognito Managing Identities at Scale in the cloud AWS

    credentials and access control Customizable, hosted UI, or SDK Managed user directory Sign in with existing identities (federation) OpenID Connect and OAuth 2.0 Based

  17. Amazon Cognito – Use Cases Business to Business Enterprise Directory

    Enterprise Directory SAML IoT Scenarios AWS IoT Business to Consumer Business to Employee Enterprise Directory SAML
  18. None
  19. None
  20. None

  21. Identity Federation

  22. Identity Federation The user pool manages the overhead of handling

    the tokens that are returned from social sign-in through Facebook, Google, and Amazon, and from OpenID Connect (OIDC) and SAML IdPs. 1 Amazon Cognito user pool Authenticate Federating IdP Redirect/ post back 2 3 CUP token Idp token

  23. Access to Resources User pool authenticates users and returns standard

    tokens Amazon Cognito user pool (CUP) tokens are used to access your custom APIs Identity pool provides role-based AWS credentials to access AWS services 1 Amazon Cognito user pool Authenticate Federating IdP Redirect/ post back 2 Amazon DynamoDB Amazon S3 6 5 Amazon Cognito identity pool Get AWS credentials CUP token 4 API GW Access serverless backend Lambda CUP token 3 CUP token Idp token

  24. GE Healthcare : Health Cloud Provide radiologists and other healthcare

    professionals with a single portal to access enterprise imaging applications to view, process, and easily share images and patient cases. Every day, healthcare data flows through millions of medical devices. Close to 1 petabyte of medical imaging data is stored on Amazon S3. “Using Amazon Cognito, our customers can continue to use their existing credentials and still access our health cloud apps.” Amazon S3 User Federation Amazon Cognito user pools

  25. What are you going to change today? ✅ Managed Service

    in the cloud ✅ Build your own IDP ✅ Federate Identities ✅ Store PII Data

  26. Thank you Sébastien Stormacq | @sebsto Technical Evangelist, AWS EMEA

    Leave your feedback