Amazon Web Services (AWS)

Overview

Amazon Web Services (AWS) is a comprehensive cloud computing platform provided by Amazon, offering a multitude of services including computing power, storage, databases, analytics, machine learning, and networking capabilities to businesses for the development and deployment of applications and infrastructure.

Entitle can manage access to the following AWS resources:

  • SSO groups*
  • SSO Permission Sets*
  • IAM groups**
  • IAM roles
  • IAM policies
  • S3 buckets
  • EC2 instances
  • Secrets

*works only with AWS Identity Center

**works only with AWS IAM, see below

In addition to the resources above, Entitle can manage access to the following AWS services: EKS, Aurora MySQL.

AWS offers three services for organizations managing user and group permissions and access to accounts and resources: AWS Identity and Access Management (IAM), AWS IAM Identity Center (formerly AWS SSO), and AWS Federated Identity. Entitle can integrate with all three services, so a variety of AWS configurations are supported. If you want to learn more about identity management for AWS, we highly recommend our blog.

  • AWS SSO Basic Integration - Managing access to pre-defined permission sets and SSO groups. This is the recommended integration for most cases.

Note

If you wish to manage fine-grained access to AWS resources, such as S3 buckets, policies, IAM roles, etc., please refer to one of the guides below, based on your preferred method.

  • AWS Identity Center - Temporary permission set - A temporary permission set with the relevant Identity Center policies is granted to the user for the duration of the access request, separately for each request.
  • AWS Identity and Access Management (IAM) - A temporary permission set with the relevant legacy IAM policies is granted to the user for the duration of the access request, separately for each request.
  • AWS Federated Identity - Please contact Entitle.

Each of the three integration methods above is implemented by a different configuration of the Entitle AWS integration and yields a different user experience, depending on how AWS permissions and login mechanisms are implemented.