Amazon IAM enables identity federation to external services using JSON Web Tokens (JWTs)
Amazon Identity and Access Management (IAM) announces outbound identity federation, enabling customers to securely federate their identities to external services using short-lived JSON Web Tokens (JWTs). This allows customers to securely authenticate their workloads with third-party cloud providers, SaaS providers, and self-hosted applications without using long-term credentials or implementing complex workarounds.
Customers can now exchange their Amazon IAM credentials for cryptographically signed, short-lived JSON Web Tokens (JWTs), providing a simple and secure mechanism for their workloads to access external services. These tokens carry rich context about the workload, enabling external services to implement fine-grained access control. Administrators can control who may generate tokens and enforce token properties (such as lifetime, audience, and signing algorithm) using IAM policies, and can audit token usage through CloudTrail logs, allowing them to meet their organization's security and compliance requirements.
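The paragraph above describes the two halves of the exchange: IAM issues a signed, short-lived JWT with a controlled audience and signing algorithm, and the external service must verify those properties before trusting the claims. The following Go program is an added example of the relying-party (verifier) side; it is not part of the announcement and not AWS code. It stands in a constructed ES256 issuer key for the IAM signing key, and the issuer URL, audience value, subject and claim set are placeholders chosen for the example, not the claim names of the real token format (those are documented in the Amazon IAM User Guide). The verifier pins the signing algorithm instead of honouring the token's `alg` header, then checks signature, issuer, audience and expiry in that order.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Claims is the subset of JWT claims this verifier checks. iss/sub/aud/exp/iat
// are RFC 7519 standard names; the values used below are constructed examples.
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"` // simplification: RFC 7519 also allows an array here
	Exp int64  `json:"exp"`
	Iat int64  `json:"iat"`
}

type header struct {
	Alg string `json:"alg"`
	Typ string `json:"typ"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignES256 builds a compact JWS (header.payload.signature) with ECDSA P-256 /
// SHA-256. It stands in for the token issuer so the example runs offline.
func SignES256(priv *ecdsa.PrivateKey, c Claims) (string, error) {
	h, _ := json.Marshal(header{Alg: "ES256", Typ: "JWT"})
	p, _ := json.Marshal(c)
	signingInput := b64(h) + "." + b64(p)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	// JWS ES256 signatures are r||s, each left-padded to 32 bytes (RFC 7518 §3.4).
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64(sig), nil
}

// VerifyES256 is the relying-party check: fixed algorithm, valid signature under
// the trusted key, expected issuer and audience, and not yet expired at `now`.
func VerifyES256(token string, pub *ecdsa.PublicKey, wantIss, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hb, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var h header
	if err := json.Unmarshal(hb, &h); err != nil {
		return nil, err
	}
	// Pin the algorithm; never let the token choose (rejects "none" and key confusion).
	if h.Alg != "ES256" {
		return nil, fmt.Errorf("unexpected alg %q", h.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, errors.New("bad signature encoding")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("signature verification failed")
	}
	pb, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(pb, &c); err != nil {
		return nil, err
	}
	if c.Iss != wantIss {
		return nil, fmt.Errorf("untrusted issuer %q", c.Iss)
	}
	if c.Aud != wantAud { // a token minted for another service must not be accepted here
		return nil, fmt.Errorf("audience %q is not this service", c.Aud)
	}
	if now.Unix() >= c.Exp {
		return nil, errors.New("token expired")
	}
	return &c, nil
}

// RunChecks issues a token under a fresh constructed key and exercises the verifier
// on a valid token, a wrong audience, an expired token and an alg:none forgery.
func RunChecks() error {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	const iss, aud = "https://issuer.example", "payments-api.example" // constructed placeholders
	now := time.Unix(1_700_000_000, 0)
	tok, err := SignES256(priv, Claims{Iss: iss, Sub: "workload-placeholder", Aud: aud, Exp: now.Unix() + 300, Iat: now.Unix()})
	if err != nil {
		return err
	}
	if c, err := VerifyES256(tok, &priv.PublicKey, iss, aud, now); err != nil || c.Sub != "workload-placeholder" {
		return fmt.Errorf("valid token rejected: %v", err)
	}
	if _, err := VerifyES256(tok, &priv.PublicKey, iss, "other-service", now); err == nil {
		return errors.New("wrong audience accepted")
	}
	if _, err := VerifyES256(tok, &priv.PublicKey, iss, aud, now.Add(10*time.Minute)); err == nil {
		return errors.New("expired token accepted")
	}
	parts := strings.Split(tok, ".")
	forged := b64([]byte(`{"alg":"none","typ":"JWT"}`)) + "." + parts[1] + "."
	if _, err := VerifyES256(forged, &priv.PublicKey, iss, aud, now); err == nil {
		return errors.New("alg:none token accepted")
	}
	return nil
}

func main() {
	if err := RunChecks(); err != nil {
		fmt.Println("FAIL:", err)
		return
	}
	fmt.Println("all verifier checks passed")
}
```

In a real deployment the public key would come from the issuer's published key set rather than being generated locally, and the audience check is what turns the administrator-enforced `aud` property into an actual access decision on the receiving side.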
This capability is available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more about this feature, please visit the Amazon IAM User Guide.