When accessing AWS resources in an organization, we recommend that you have a standard and repeatable authentication method for purposes of security, auditability, compliance, and the capability to support role and account separation. As part of my AWS Professional Services engagements, I have helped AWS customers establish such an authentication mechanism via federated access to the AWS Management Console. Though this was useful, many of those customers also needed the ability to access their AWS resources using our APIs. However, without federated API access, you also would need to create AWS Identity and Access Management (IAM) users, which defeats the purpose of using federation.