Trusted identity propagation across applications

Trusted identity propagation enables Amazon services to do the following:

Authorize access to Amazon resources based on the user’s identity context.
Securely share the user’s identity context with other Amazon services.

These capabilities enable user access to be more easily defined, granted, and logged.

With trusted identity propagation, a user can sign in to an application, and that application can pass the users’ identity context in requests to access data in Amazon services. Because access is managed based on a user's identity, users don't need to use database local user credentials or assume an IAM role to access data.

Topics

Trusted identity propagation overview
Trusted identity propagation use cases
Set up trusted identity propagation
Using applications with a trusted token issuer

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

SAML 2.0 application setup

Overview