Let’s say, hypothetically, that you are considering building a cloud-based service and have come to that fork in the road where you have to think about how to authenticate users to your APIs.
As I was thinking about that problem, it struck me that you could potentially use the new(ish) Identity and Access Management (IAM) service from AWS: create users, set groups and permissions, and authenticate them against IAM as an identity provider of sorts. Of course, when I read the FAQ entry asking whether you can use it with 3rd-party apps, the answer was “not yet”.
But I think you can, today.
Steps:
- New user of my API (“user”) signs up in my app/console/web page/etc
- I create a new user for them in my app, plus credentials for them in IAM
- I add them to an IAM group that grants something like GetObject permission on some random S3 bucket, and stick a tiny file in there
- When the user authenticates to my API using their IAM credentials (access key ID / secret access key), I make an auth or GetObject request on their behalf, behind the scenes, against the bucket they have permission to
- If the S3 request succeeds, let them in to use my API
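As an added example (not code from the original post), here is the service-side check from the steps above in Python: the service signs an S3 GetObject for the probe object with the caller's access key ID and secret access key, and treats only a 200 from S3 as proof of identity. The bucket name, object key, region and the use of Signature Version 4 (what S3 requires today; the 2011 post predates it) are assumptions.

```python
import datetime
import hashlib
import hmac
import urllib.error
import urllib.request

PROBE_BUCKET = "example-auth-probe-bucket"  # assumed: bucket the IAM group may read
PROBE_KEY = "probe.txt"                     # assumed: the "tiny file" in that bucket
REGION = "us-east-1"                        # assumed
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # a GET carries no body

def build_probe_request(access_key_id: str, secret_key: str, amz_date: str):
    """Return (url, headers) for a SigV4-signed GetObject of the probe file;
    amz_date is the request time as YYYYMMDDTHHMMSSZ.  Only a holder of the
    secret key can produce the signature, so a 200 from S3 proves identity."""
    host = f"{PROBE_BUCKET}.s3.{REGION}.amazonaws.com"
    date, scope = amz_date[:8], f"{amz_date[:8]}/{REGION}/s3/aws4_request"
    signed = "host;x-amz-content-sha256;x-amz-date"
    canonical = "\n".join([
        "GET", f"/{PROBE_KEY}", "",                         # method, URI, empty query
        f"host:{host}", f"x-amz-content-sha256:{EMPTY_SHA256}",
        f"x-amz-date:{amz_date}", "",                       # canonical headers, blank line
        signed, EMPTY_SHA256,
    ])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()
    for part in (date, REGION, "s3", "aws4_request"):      # SigV4 signing-key chain
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers = {
        "x-amz-date": amz_date,
        "x-amz-content-sha256": EMPTY_SHA256,
        "Authorization": f"AWS4-HMAC-SHA256 Credential={access_key_id}/{scope}, "
                         f"SignedHeaders={signed}, Signature={signature}",
    }
    return f"https://{host}/{PROBE_KEY}", headers

def decide(status: int) -> bool:
    # 200 proves the keys; 403 = unknown key, bad secret or not in the group; 404 = probe missing.
    return status == 200

def authenticate(access_key_id: str, secret_key: str) -> bool:
    now = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    url, headers = build_probe_request(access_key_id, secret_key, now)
    try:
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=5) as r:
            return decide(r.status)
    except urllib.error.HTTPError as e:                    # 403/404 arrive as exceptions
        return decide(e.code)
```

Note that in this design the caller's long-term IAM secret passes through your service, so it needs the same protection as your own credentials, and a 404 indicates a missing probe object rather than a failed login.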
I plan on hacking this together the first chance I get, but if someone else gets around to it first, please let me know in the comments here on CloudNod or on Twitter (@scottsanchez).
————–
Follow Scott Sanchez on twitter: http://twitter.com/scottsanchez
Notice: This article was originally posted at http://www.CloudNod.com by Scott Sanchez and is his personal opinion. Copyright 2011 Scott Sanchez, All Rights Reserved.