KuppingerCole Report
Executive View
By Graham Williamson

AWS Identity and Access Management

AWS is the largest global provider of Cloud infrastructure with extensive capabilities to suit a wide range of customer requirements for cloud-based services. The AWS platform now provides easy-to-use facilities to allow customer to better leverage their identity management environment.
By Graham Williamson
gw@kuppingercole.com

1 Introduction

In keeping with the transformational change that is occurring as increased digitalisation impacts all industry sectors, AWS has extended the identity ...

Login Free 30-day Select Access Get full Access

2 Product Description

In the past, when AWS referenced IAM they typically referred to providing access control to system functions within the AWS environment i.e. managemen ...

With the recent expansion of the IAM facilities in the AWS platform it’s not only possible to exert more control over system accounts, application u ...

Login Free 30-day Select Access Get full Access

2.1 IAM Users

AWS IAM provides the ability to create user accounts and establish their login credential requirements. In some cases, this will be just a password, i ...

Note: AWS does not provide provisioning workflows; clients can either synchronise their on-premise AD or deploy an identity manager solution with conn ...

Login Free 30-day Select Access Get full Access

2.2 Password Policy

AWS provides the facility to set a policy to control password length and strength, expiration, history and whether or not users can change their own p ...

AWS has 5 pre-defined password policy settings. Each setting can have a different profile i.e. a different password strength requirement and is assign ...

Login Free 30-day Select Access Get full Access

2.3 IAM Roles & Permissions

Roles are a simple but powerful way that AWS provides for entitlement management. An IAM role has a set of defined entitlements (permissions) and mult ...

Roles are also useful in managing access by business partners. By assigning a role to a user’s account the permissions associated with the role are ...

Login Free 30-day Select Access Get full Access

2.4 IAM Groups

AWS provides a group management facility in addition to role management. Access control by groups is often used to manage user access to specific appl ...

Login Free 30-day Select Access Get full Access

2.5 Delegated System Administration

Another improvement is the ability to manage directory administrators for on-premises facilities. In the past, AD admins would manage elevated privile ...

Login Free 30-day Select Access Get full Access

2.6 IAM Policy Management

IAM policies provide the capability to determine whether a user has permission to access a requested resource and determine what they are allowed to d ...

Login Free 30-day Select Access Get full Access

2.7 Multi-factor Authentication

A single factor system typically relies on a password credential for a user login. Two factor systems add ‘something you have’ such as a mobile de ...

Login Free 30-day Select Access Get full Access

2.8 Federation

AWS IAM fully supports SAML 2.0 for federation with remote identity providers. It is not necessary to establish all users in the AWS directory service ...

Login Free 30-day Select Access Get full Access

3 Strengths and Challenges

The AWS identity management functionality is a welcomed extension to the AWS platform. It recognizes the importance of protecting computing facilities ...

Login Free 30-day Select Access Get full Access

Copyright

©2019 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.

top