2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Ram Maharajapuram
Senior Manager, Software Dev
AWS Identity

Vaishnavi Merugu
Senior Product Manager
AWS Identity

Easy cross-cloud authN: AWS outbound identity federation in action
SEC233

Introducing Outbound identity federation

Outbound identity federation
A native mechanism to federate outside AWS

AWS workloads: AWS Lambda, Amazon EC2, Amazon EKS
External services: On-prem workloads, Other cloud service providers, SaaS providers

New AWS IAM capability that enables IAM principals to obtain short-lived, publicly verifiable JSON Web Tokens (JWTs) that can be used to securely authenticate with external services.

Demo

What are the benefits?
Enhanced security
Reduced complexity
Interoperability

Understanding Token Claims
Standard OIDC claims such as subject, audience, and expiration time

    "sub": "arn:aws:iam::123456789012:role/SampleRole",
    "aud": "my_app_a",
    "exp": 1747760037,
    "iat": 1747759137,
    "jti": "b4f0b85f-73d9-41a1-920d-6a0cf96ba73f",
    "iss": "abc123-def456-ghi789.tokens.sts.global.api.aws",

Understanding Token C