shaqspeare asked

Using Login with Amazon

Who can use Login with Amazon? There are two types of users: (a) Customers using their Amazon account via Login with Amazon to sign into third-party sites/apps instead of creating a new user name and password for each site/app. (b) Third-party site/app developers that integrate with Login with Amazon to reduce registration and authentication friction.
login with amazon

shaqspeare answered
[On behalf of: dkavanagh] I would ask if that first category of users also includes IAM users? There is a special way that IAM users with a password can log in to the AWS Mgmt Console which includes the account ID in the URL. I wonder if there is any way to allow those users to authenticate via this mechanism? This is important for our application that uses AssumeRoleWithWebIdentity to get session credentials. David

shaqspeare answered
Login With Amazon does not support IAM users at this time. We are always interested in hearing feature requests and feedback from developers. Could you elaborate on your application and use case?

shaqspeare answered
[On behalf of: dkavanagh] Thanks for getting back to me about this. We have an EC2-compatible user console that we would like to let our users use against AWS, but using easy-to-remember username/password login. We think it will be more secure than keeping copies of their access keys in our product. I've integrated "login with amazon" and can then call AssumeRoleWithWebIdentity to get session tokens. That works just fine for a top-level account that has AWS enabled. We'd like to have this work for IAM users as well for all the reasons that AWS allows IAM users with separate roles and policies. Does this make sense? I could elaborate or answer questions if you have any. David

shaqspeare answered
Thank you for the detailed explanation. Just to confirm my understanding, your users use your product to manage their own AWS services, is that correct?

shaqspeare answered
[On behalf of: dkavanagh] Yes, that's correct. To be clear, I work for Eucalyptus on our user console. We have customers who would like to use our console, not only for Eucalyptus, but AWS resources as well. We're just hoping to make that as seamless as possible.