Sample applications that use temporary credentials
You can use AWS Security Token Service (AWS STS) to create and provide trusted users with temporary security credentials that can control access to your AWS resources. For more information about AWS STS, see Temporary security credentials in IAM. To see how you can use AWS STS to manage temporary security credentials, you can download the following sample applications that implement complete example scenarios:
- Identity Federation Sample Application for an Active Directory Use Case. Demonstrates how to use permissions that are tied to a user defined in Active Directory (.NET/C#) to issue temporary security credentials for accessing Amazon S3 files and buckets.
- AWS Management Console Federation Proxy Sample Use Case. Demonstrates how to create a custom federation proxy that enables single sign-on (SSO) so that existing Active Directory users can sign into the AWS Management Console (.NET/C#).
- Integrate Shibboleth with AWS Identity and Access Management. Shows how to use Shibboleth and SAML to provide users with single sign-on (SSO) access to the AWS Management Console.
Samples for web identity federation
The following sample applications illustrate how to use web identity federation with providers like Login with Amazon, Amazon Cognito, Facebook, or Google. You can trade authentication from these providers for temporary AWS security credentials to access AWS services.
- Amazon Cognito Tutorials – We recommend that you use Amazon Cognito with the AWS SDKs for mobile development. Amazon Cognito is the simplest way to manage identity for mobile apps, and it provides additional features like synchronization and cross-device identity. For more information about Amazon Cognito, see Amazon Cognito Identity in the AWS Mobile SDK for Android Developer Guide and Authenticate Users with Amazon Cognito Identity in the AWS Mobile SDK for iOS Developer Guide.
- Web Identity Federation Playground. This website provides an interactive demonstration of web identity federation and the AssumeRoleWithWebIdentity API.