A Self-Directed Journey to AWS Identity Federation Mastery - Open Source variant
AWS Service/Feature Coverage:
- AWS IAM users & roles
The following image provides a visual representation of what you are about to construct during this initial exercise.
You should use this architecture and the associated AWS CloudFormation template for demonstration and learning purposes ONLY. The template contains default passwords and has not been hardened beyond the default configuration of the Amazon Machine Image (AMI). The IdP infrastructure has also been simplified to focus on the learning objectives; it is not set up for availability or scalability and is not appropriate for production use.
The following list identifies the prerequisites for this workshop. If you have not yet assembled these, please take the time to do so now:
- At least one (ideally two) non-production AWS accounts whose security posture you are comfortable changing.
- To participate in the multiple-account portion of the workshop, you need two non-production AWS accounts. In each account you need a native IAM user with the iam:*, ec2:*, and s3:* permissions. These permissions are deliberately broad for a lab; that is one more reason to use non-production accounts only.
- To create a new AWS account, click here and follow the on-screen instructions.
- A basic VPC in one of the accounts above, in us-east-1, with one public subnet, an Internet Gateway (IGW), and route tables that send the subnet's 0.0.0.0/0 traffic to that IGW.
- Note: the default VPC created for you meets these requirements. Unless you have intentionally deleted it, no action is required.
- Note: if you do not have a basic VPC available, or would simply like to create a new one for this exercise, you can use this CloudFormation template.
- A working Python 2.7.x installation on your local workstation (Python downloads). Note that Python 2.7 reached end of life in January 2020 and no longer receives security fixes; keep it confined to the workstation or virtual environment you use for this exercise.
- A working AWS CLI installation on your local workstation. See the instructions.
- The Firefox browser with the SAML tracer add-on installed
- A working SSH client on your local machine. ssh is a native utility on both Linux and macOS; PuTTY is a common choice on Windows.
- Permission on your local workstation to edit the hosts file (/etc/hosts on Linux and macOS, C:\Windows\System32\drivers\etc\hosts on Windows).
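The VPC prerequisite above hinges on one detail that is easy to get wrong: a subnet is "public" only if the route table it actually uses (its explicitly associated table, or else the VPC's main table) carries a 0.0.0.0/0 route to an IGW. The script below is an added example, not part of the workshop materials, that checks this against the JSON produced by the AWS CLI's describe-route-tables and describe-subnets commands. The file names, resource IDs, and the embedded sample data are all constructed for illustration; the sample has one subnet that falls back to the main table (public) and one bound to a NAT-gateway table (private).

```python
"""
Check that a VPC meets the workshop prerequisite of at least one public subnet:
a subnet whose effective route table has a 0.0.0.0/0 route to an Internet Gateway.

Run against live data with (file names are arbitrary):
  aws ec2 describe-route-tables --region us-east-1 > rtb.json
  aws ec2 describe-subnets      --region us-east-1 > subnets.json
  python check_vpc.py rtb.json subnets.json
With no arguments the constructed sample data below is used instead.
Works on Python 2.7 and 3.
"""
import json
import sys


def igw_route_tables(route_tables):
    """Return the set of route-table IDs that carry an active default route to an IGW."""
    result = set()
    for rtb in route_tables:
        for route in rtb.get("Routes", []):
            if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                    and route.get("GatewayId", "").startswith("igw-")
                    and route.get("State", "active") == "active"):
                result.add(rtb["RouteTableId"])
    return result


def effective_route_table(subnet, route_tables):
    """
    A subnet uses the route table explicitly associated with it; if there is no
    explicit association it falls back to the VPC's main route table (Main=True).
    """
    main = None
    for rtb in route_tables:
        if rtb["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rtb["RouteTableId"]
            if assoc.get("Main"):
                main = rtb["RouteTableId"]
    return main


def public_subnets(route_tables, subnets):
    """Return the sorted IDs of subnets whose effective route table reaches an IGW."""
    igw_tables = igw_route_tables(route_tables)
    return sorted(s["SubnetId"] for s in subnets
                  if effective_route_table(s, route_tables) in igw_tables)


# Constructed sample shaped like the CLI output (IDs are made up).
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-0123",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc",
                 "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-0123",
     "Associations": [{"SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def",
                 "State": "active"}]},
]
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-pub", "VpcId": "vpc-0123"},   # no explicit association -> main table
    {"SubnetId": "subnet-priv", "VpcId": "vpc-0123"},  # explicitly bound to the NAT table
]


def main(argv):
    if len(argv) == 3:
        with open(argv[1]) as f:
            rtbs = json.load(f)["RouteTables"]
        with open(argv[2]) as f:
            subs = json.load(f)["Subnets"]
    else:
        rtbs, subs = SAMPLE_ROUTE_TABLES, SAMPLE_SUBNETS
    pub = public_subnets(rtbs, subs)
    print("public subnets: %s" % (pub or "none (prerequisite NOT met)"))
    return 0 if pub else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit status is non-zero when no public subnet is found, so the check can be dropped into a setup script. The fallback to the main route table is the part worth noticing: the default VPC's subnets typically have no explicit association, which is why they are public even though describe-route-tables shows no per-subnet entry for them.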