
Access AWS services programmatically using trusted identity propagation

Security Blog

This article explains how to build a command-line interface (CLI) application that allows users to access AWS services using their workforce identity from identity providers (IdPs) such as Okta or Microsoft Entra ID through trusted identity propagation.

Specifically, the article covers:

  • The architecture and token exchange flow of the CLI application
  • Prerequisites for setting up the application, including creating an OIDC application in Okta and a customer managed application in AWS IAM Identity Center
  • Installing and configuring the CLI application with the AWS CLI
  • Using the CLI application to access AWS services like Amazon Athena, Amazon S3 Access Grants, and Amazon Q Business on behalf of the workforce identity
  • A conclusion highlighting the benefits of the solution: business users can bring their workforce identities into AWS for delegated access without needing IAM credentials or a cloud backend


Related articles

  • Oct 28, 2024: How to implement trusted identity propagation for applications protected by Amazon Cognito
  • May 21, 2026: Automating identity lifecycle and security with AWS Directory Service APIs
  • Mar 14, 2024: Streamline access to most used AWS services using VPC Endpoints
  • Feb 7, 2024: Gain secure access to on-premises applications with AWS Verified Access