AWS Security Token Service (STS) now supports validation of select identity-provider-specific claims from Google, GitHub, CircleCI and Oracle Cloud Infrastructure in IAM role trust policies and resource control policies for OpenID Connect (OIDC) federation into AWS via the AssumeRoleWithWebIdentity API.
With this new capability, you can reference these custom claims as condition keys in IAM role trust policies and resource control policies, expanding your ability to implement fine-grained access control for federated identities and helping you establish your data perimeters. This enhancement builds upon IAM’s existing OIDC federation capabilities, which allow you to grant temporary AWS credentials to users authenticated through external OIDC-compatible identity providers.
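As an added example (not from the AWS announcement), the following Python snippet evaluates decoded OIDC token claims against the Condition block of a constructed role trust policy, so the effect of pinning provider-specific claims can be checked locally before a role is deployed. The account ID and repository names are placeholders; `:aud` and `:sub` are existing condition keys, while the `:repository` and `:environment` key names are assumptions about how the new GitHub claims are exposed.

```python
import json
import re

# Constructed trust policy for a role assumed via AssumeRoleWithWebIdentity from the GitHub
# OIDC provider. Account ID and repository are placeholders; ':aud' and ':sub' are existing
# condition keys, ':repository' and ':environment' are ASSUMED names for the new claims.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/token.actions.githubusercontent.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {
        "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
        "token.actions.githubusercontent.com:repository": "example-org/payments-service",
        "token.actions.githubusercontent.com:environment": "production"
      },
      "StringLike": {
        "token.actions.githubusercontent.com:sub": "repo:example-org/payments-service:*"
      }
    }
  }]
}""")

def string_like(value, pattern):
    """IAM StringLike semantics: '*' matches any run of characters, '?' exactly one."""
    regex = ".*".join(re.escape(part).replace(r"\?", ".") for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def condition_satisfied(condition, claims):
    """Every operator and key in the Condition block must match; a missing claim fails closed."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = claims.get(key.split(":", 1)[1])   # strip the provider prefix
            if actual is None:
                return False
            wanted = expected if isinstance(expected, list) else [expected]
            if operator == "StringEquals" and actual not in wanted:
                return False
            if operator == "StringLike" and not any(string_like(actual, p) for p in wanted):
                return False
            if operator not in ("StringEquals", "StringLike"):
                raise ValueError(f"unsupported operator: {operator}")
    return True

def assume_role_allowed(policy, claims):
    """True when at least one Allow statement's conditions are met by the token claims."""
    return any(s["Effect"] == "Allow" and condition_satisfied(s.get("Condition", {}), claims)
               for s in policy["Statement"])
```

A token from the same repository but a different deployment environment is rejected even though its `sub` still matches the wildcard, which is the extra constraint the provider-specific claims add.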
Categories: general:products/aws-iam,marketing:marchitecture/security-identity-and-compliance
Source: Amazon Web Services