Good news for developers who build apps on Amazon Web Services and want to make them available to millions of Facebook and Google users: Amazon Web Services Identity and Access Management (IAM) can now “federate” Google and Facebook user identities. Oh, and it also supports its parent company’s new Login With Amazon feature, which promises that companies can “securely connect your websites and apps with millions of Amazon.com customers.”
Amazon announced identity federation for enterprise users two years ago. That let businesses grant their own employees access to AWS resources based on the users’ current corporate identity management systems. But this new federation capability casts the net wider: it lets developers authenticate a user with her existing Amazon, Google or Facebook credentials, which then give her access to specific AWS resources using her existing IAM roles.
In his AWS blog post announcing the news, Jeff Wierer, IAM principal product manager, explained a basic use case:
“Imagine you’re developing a mobile app that uses the new Login with Amazon service for authentication, and part of the app’s functionality allows end users to upload an image file as their personal avatar. Behind the scenes, you want to store those images as objects in one of your S3 buckets. To enable this, you need to configure a role that is used to delegate access to users of your app. Roles are configured in two parts:
- A trust policy that specifies a trusted entity (principal)—that is, who can assume the role. In this case, the trusted entity is any authenticated Amazon.com user.
- An access policy with permissions that specify what the user can do.”
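The two parts described in the quote, written out for the avatar use case as an added example (not code from Wierer's post or from AWS). The app ID and bucket name are assumed placeholders, and `trust_policy_findings` is a hypothetical helper that flags a trust policy accepting tokens issued to any app at the identity provider rather than to one specific app.

```python
# Assumed placeholders (not from the article): your Login with Amazon app ID and bucket.
APP_ID = "amzn1.application.EXAMPLE"
BUCKET = "example-avatar-bucket"

# Part 1: trust policy, stating who may assume the role.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "www.amazon.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        # Pins the role to one app; without it, tokens issued to other apps are accepted too.
        "Condition": {"StringEquals": {"www.amazon.com:app_id": APP_ID}},
    }],
}

# Part 2: access policy, stating what the user can do once the role is assumed.
# The policy variable confines each user to a prefix named after their own user ID.
ACCESS_POLICY = {
    "Version": "2012-10-17",  # this version is required for policy variables
    "Statement": [{
        "Effect": "Allow",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::" + BUCKET + "/avatars/${www.amazon.com:user_id}/*",
    }],
}

# Condition key that carries the app/audience identifier for each provider.
AUDIENCE_KEYS = {
    "www.amazon.com": "www.amazon.com:app_id",
    "graph.facebook.com": "graph.facebook.com:app_id",
    "accounts.google.com": "accounts.google.com:aud",
}

def trust_policy_findings(policy):
    """Return one finding per web identity statement not pinned to a single app."""
    findings = []
    for stmt in policy["Statement"]:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        provider = stmt.get("Principal", {}).get("Federated")
        key = AUDIENCE_KEYS.get(provider)
        pinned = stmt.get("Condition", {}).get("StringEquals", {})
        if key is None or key not in pinned:
            findings.append(f"{provider}: no audience condition pins the role to one app")
    return findings
```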
With services like this one, Amazon continues to push its cloud services as the platform of choice for developers at startups and big companies alike as more public competitors come online. Amazon CTO Werner Vogels will be on hand at Structure 2013 in June to discuss this and other topics.