1 Answer
0
That's a really big question which has multiple answers depending on actual use cases; which identity provider you're going to use; your multi-account structure; and so on. Not something that I'd like to give specific advice on here because of those variables.
For machine-to-machine authentication this is an excellent resource.
For large-scale user authentication you definitely want to look at best practices for IAM, Single Sign-on as well as Organizations and possibly Control Tower.
I'd strongly encourage you to reach out to your local AWS account team and get advice specific to you from them.
Thank you for your response. The use case is pretty straightforward. I have existing customers (end users) with existing (secured) resources. As I am using OAuth2, we are talking about end users. I need to be able to federate their identity so as to be able to access the existing resources. All the documentation I have seen so far assumes a brand new application with new resources managed by the application. That is not us.