Sample applications that use temporary credentials
You can use Amazon Security Token Service (Amazon STS) to create and provide trusted users with temporary security credentials that can control access to your Amazon resources. For more information about Amazon STS, see Temporary security credentials in IAM. To see how you can use Amazon STS to manage temporary security credentials, you can download the following sample applications that implement complete example scenarios:
-
Enabling Federation to Amazon Using Windows Active Directory, ADFS, and SAML 2.0
. Demonstrates how to delgate access using enterprise federation to Amazon using Windows Active Directory (AD), Active Directory Federation Services (ADFS) 2.0, and SAML (Security Assertion Markup Language) 2.0. -
Enabling custom identity broker access to the Amazon console. Demonstrates how to create a custom federation proxy that enables single sign-on (SSO) so that existing Active Directory users can sign in to the Amazon Web Services Management Console.
-
How to Use Shibboleth for Single Sign-On to the Amazon Web Services Management Console.
. Shows how to use Shibboleth and SAML to provide users with single sign-on (SSO) access to the Amazon Web Services Management Console.
Samples for web identity federation
The following sample applications illustrate how to use web identity federation with providers like Login with Amazon, Amazon Cognito, Facebook, or Google. You can trade authentication from these providers for temporary Amazon security credentials to access Amazon services.
-
Amazon Cognito Tutorials – We recommend that you use Amazon Cognito with the Amazon SDKs for mobile development. Amazon Cognito is the simplest way to manage identity for mobile apps, and it provides additional features like synchronization and cross-device identity. For more information about Amazon Cognito, see Authentication with Amplify
in the Amplify Documentation. -
Web Identity Federation Playground
. This website provides an interactive demonstration of web identity federation and the AssumeRoleWithWebIdentity
API.