@AWSIdentity just supercharged🔌attribute-based access control (ABAC) by adding session tags😱. This is a powerful capability and here are all the reasons why (1/9) aws.amazon.com/blogs/aws/new-…
@AWSIdentity Session tags enable you to pass attributes from your IdP to role sessions. This means your identity no longer goes “poof”🌬️when you federate into AWS (2/9)
@AWSIdentity You can use session tags for access control and they act just like principal tags. This means your identity provider becomes the source of truth for access control in AWS (3/9)
@AWSIdentity We launched with 7 partners to make this feature available from your IdP including @pingidentity, @okta , @auth0, @OneLogin, @RSAsecurity, @IBM, and @ForgeRock (4/9)
@AWSIdentity Session tags are logged in CloudTrail during assume role, making it easier for you to track, monitor, and audit who did each action when multiple humans assume a single role (5/9)
@AWSIdentity You can require specific session tag keys and values using trust policies to consistently rely on attributes for access control (6/9)
@AWSIdentity You can pass session tags from one role assumption to another (role-chaining). This helps you track the end to end path a user takes (7/9)
@AWSIdentity Session tags work for all assume role scenarios. This is one feature where I can’t wait to hear👂how customers use this capability in their workflows💻(8/9)
@AWSIdentity I will be talking about session tags and doing a demonstration during my #reinvent Access Control Confidence talk at re:Invent as will Sulay and Quint (9/9)
@AWSIdentity Happy #preinvent AWS! 🥂
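An added example, not part of the original thread: a role trust policy of the kind tweet 6 describes, which only lets a SAML federation succeed when the IdP passes the required session tags. The account ID, the provider name `ExampleIdP`, and the tag keys and values (`Project`, `CostCenter`, `Department`) are constructed placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "FederateOnlyWithRequiredSessionTags",
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::111122223333:saml-provider/ExampleIdP"
      },
      "Action": [
        "sts:AssumeRoleWithSAML",
        "sts:TagSession"
      ],
      "Condition": {
        "StringEquals": {
          "SAML:aud": "https://signin.aws.amazon.com/saml",
          "aws:RequestTag/Department": ["Engineering", "Security"]
        },
        "StringLike": {
          "aws:RequestTag/Project": "*",
          "aws:RequestTag/CostCenter": "*"
        },
        "ForAllValues:StringEquals": {
          "aws:TagKeys": ["Project", "CostCenter", "Department"]
        }
      }
    }
  ]
}
```

`sts:TagSession` must be allowed or the IdP cannot pass tags at all; the `aws:RequestTag/...` conditions make each key mandatory (and pin `Department` to known values), while `aws:TagKeys` rejects any tag key outside the expected set.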