Examples of using Federated user in English and their translations into German
{-}
-
Colloquial
-
Official
-
Ecclesiastic
-
Medicine
-
Financial
-
Ecclesiastic
-
Political
-
Computer
-
Programming
-
Official/political
-
Political
A federated user identified in IAM as"Bob.
Sign in to the AWS Management Console as a federated user.
Using Federated User Temporary Credentials.
In this example, the request includes the name for a federated user named Jean.
The policy allows a federated user named Carol to access the bucket.
When combined with the Subject element, they can uniquely identify the federated user.
The federated user would have permission to perform only these actions.
You can switch to a role onlywhen you are signed in as an IAM user or a federated user.
You can grant a user or a federated user permission to perform any or all of these actions.
The sessionContext andsessionIssuer section contains information about the identity that issued the session for the federated user.
A resource-based policy that explicitly names the federated user in the Principal element of the policy.
The federated user cannot get more permissions than the parent IAMuser who requested the temporary credentials.
The passed policy is attached to the temporary security credentials thatresult from the GetFederationToken API call-that is, to the federated user.
A role can be assigned to a federated user who signs in by using an external identity provider instead of IAM.
To create a role in IAM withone of the preceding managed policies for a user or a federated user to assume, see Creating Roles in the IAM User Guide.
To have a user or a federated user assume the role, see coverage of assuming roles in Using IAM Roles in the IAM User Guide.
The only exception is when the credentials are used to access a resource thathas a resource-based policy that specifically references the federated user in the Principal element of the policy.
The following Ruby code example allows a federated user with a limited set of permissions to lists keys in the specified bucket.
However, for added security, only an IAM user with the necessary permissionsshould request these temporary credentials to ensure that the federated user gets at most the permissions of the requesting IAM user. .
When a federated user signs in to AWS, the user is associated with the role and is granted the permissions that are defined in the role.
A user who belongs to an IAM group, a user who assumes a role, or a federated user who assumes a role, and that group or role has the AWS managed policy AWSCloud9Administrator attached.
The federated user is assigned these permissions because the permissions have been granted to both the IAM user who called GetFederationToken and to the federated user via the passed policy.
This is true because the effective permissions for the federated user consist of only those permissions that are granted in both the IAM user policy and the passed policy.
Remember, a federated user is granted permissions only when those permissions are explicitly granted to both the IAM user and the federated user. .
If you use one of these services and resource-based policies makes sense for your scenario,you assign permissions directly to a federated user by specifying the Amazon Resource Name of the federated user in the Principal element of the resource-based policy.
AWS allows the federated user's request only when boththe attached policy and the IAM user policy explicitly allow the federated user to perform the requested action.
The most common way to ensure that the federated user is assigned appropriate permission is to pass a policy as a parameter of the GetFederationToken API call.
When the federated user makes an AWS request,AWS evaluates the policy attached to the federated user in combination with the policy or policies attached to the IAM user whose credentials were used to call GetFederationToken.
Permissions can be granted to the federated user by the policy passed as a parameter of the GetFederationToken API call,or by a resource-based policy that explicitly names the federated user in the Principal element of the policy, as in the following example.