Amazon Web Services

Amazon Web Services, Inc. is a subsidiary of Amazon that provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered, pay-as-you-go basis.

AWS IAM

Connect to AWS

Overview

Our AWS integration uses a dedicated Amazon Web Services-based connector for managing AWS services.

We use SCIM protocols to connect to your AWS instance using REST APIs.

Account in AWS

IDHub pulls all AWS user account information from your AWS Instance.

The user account attributes we fetch include (but are not limited to):

  • First Name
  • Last Name
  • Display Name
  • Email Addresses (as a unique identifier)

Customers can choose to fetch any other attributes beyond those listed above, according to their individual needs. With our Attribute-Based Access Control (ABAC), you can decide which information is used when a new user is created and which is used when a user is modified.

Entitlements in AWS

The IDHub AWS Connector pulls only two types of entitlements from AWS for provisioning and de-provisioning:

  • Groups
  • Policies

Employees of your organization can request these as needed.

AWS Groups

As part of the AWS connector, we establish a connection with AWS to fetch all AWS groups.

All of the groups pulled are treated as ‘Entitlements’.

Users can request these from IDHub.

Once the approvals in the request workflow you defined for a particular group are complete, our automated fulfillment adds the user to the requested group, which automatically grants the associated policy access.

AWS Policies

As part of the AWS connector, we also fetch all AWS policies. These are also ‘Entitlements’ in IDHub.

Users can request these individually from IDHub.

Once the approvals in the request workflow you defined for a particular policy are complete, our automated fulfillment grants the user access to the requested policy.

Note: If a policy was requested directly rather than obtained through a group, revoking the group does not remove that policy from the user account, because it was requested explicitly, outside of group-based policy access.
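The following added example (not IDHub's own code) models the note above for access reviews: given reconciled data, it reports which policies a user loses when a group is revoked and which remain, and through which path. The `UserAccess` structure, the function names and the sample data are assumptions made for illustration; the example also goes beyond the note by covering a policy that is still granted by another group, which is standard AWS IAM behaviour.

```python
from dataclasses import dataclass, field


@dataclass
class UserAccess:
    """Reconciled view of one IAM user (hypothetical structure, not IDHub's data model)."""
    direct_policies: set = field(default_factory=set)  # policies requested individually
    groups: set = field(default_factory=set)           # group memberships


def policy_sources(user, group_policies):
    """Map each policy the user effectively holds to the path(s) granting it."""
    sources = {p: {"direct"} for p in user.direct_policies}
    for g in user.groups:
        for p in group_policies.get(g, ()):
            sources.setdefault(p, set()).add(f"group:{g}")
    return sources


def residual_after_group_revocation(user, group_policies, revoked_group):
    """Return (removed, retained) for the policies attached to revoked_group.

    removed:  policies the user no longer holds through any path
    retained: policies the user still holds, mapped to the remaining path(s)
    """
    before = policy_sources(user, group_policies)
    after_user = UserAccess(set(user.direct_policies), user.groups - {revoked_group})
    after = policy_sources(after_user, group_policies)
    granted = set(group_policies.get(revoked_group, ()))
    removed = sorted(p for p in granted if p in before and p not in after)
    retained = {p: sorted(after[p]) for p in sorted(granted) if p in after}
    return removed, retained


# Constructed sample data: group names and assignments are illustrative only.
GROUP_POLICIES = {
    "developers": {"AmazonS3ReadOnlyAccess", "AmazonEC2ReadOnlyAccess"},
    "auditors": {"AmazonEC2ReadOnlyAccess", "SecurityAudit"},
}
alice = UserAccess(
    direct_policies={"AmazonS3ReadOnlyAccess"},  # requested directly, outside any group
    groups={"developers", "auditors"},
)

if __name__ == "__main__":
    for group in ("developers", "auditors"):
        removed, retained = residual_after_group_revocation(alice, GROUP_POLICIES, group)
        print(f"revoke {group}: removed={removed} still held={retained}")
```

Running this kind of check against reconciliation data before approving a group revocation shows whether the revocation actually removes the access the reviewer expects.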

Support and Maintenance

IDHub provides out-of-the-box connector issue support and timely maintenance as a standard quality guarantee for all customers using our Cloud solution. However, any customization made to existing connectors requires a managed services support plan for support and maintenance.

Feature Summary

Provisioning

  • Create User in AWS IAM
  • Add User to AWS Group
  • Add User to AWS Policies
  • Modify User in AWS IAM

De-provisioning

  • Remove User from AWS IAM
  • Remove AWS Group from User
  • Remove AWS Policy from User

Reconciliation

  • Fetch Users
  • Fetch Groups
  • Fetch Policies
  • Fetch User Access to Group
  • Fetch User Access to Policies