AWS re:Invent 2025 - Easy Cross-cloud AuthN: AWS Outbound Identity...
📖 AWS re:Invent 2025 - Easy cross-cloud authN : AWS outbound identity federation in action (SEC233)
In this video, Ram Maharajapuram and Vaishnavi Merugu introduce AWS's new feature that eliminates long-term credentials by enabling workloads to connect to external services using JSON Web Tokens (JWTs). A live demo shows an EC2 instance federating to Azure using the GetWebIdentityToken API without managing passwords or access keys. The token includes standard OIDC claims and custom AWS claims like account ID, principal tags, and compute context. The feature uses account-specific issuer URLs for tenant isolation and supports ES384 and RS256 signing algorithms. Three new condition keys control access: IdentityTokenAudience, DurationSeconds, and SigningAlgorithm. Available at no additional cost across all AWS regions, this solution enhances security by replacing two-thirds of credential-related incidents while reducing operational complexity through native integration with cloud providers like Azure, GCP, and SaaS platforms like Databricks and Snowflake.
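As an added illustration (not code from the session or from AWS), this sketch shows the claim checks a relying party could apply to such a token after verifying its signature: the ES384/RS256 allow-list, an exact match on the account-specific issuer, the audience, and expiry. The issuer URLs, audience value and function names are constructed placeholders, since the summary does not give the real issuer URL format.

```python
import base64
import json
import time

ALLOWED_ALGS = {"ES384", "RS256"}  # the two signing algorithms named in the session

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _decode(segment: str) -> dict:
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def make_sample_token(header: dict, claims: dict) -> str:
    """Constructed test input: the signature segment is a dummy, not a real signature."""
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), _b64url(b"dummy")])

def check_claims(token, expected_issuer, expected_audience, now=None, leeway=30):
    """Return rejection reasons (empty list = acceptable). Run only after the
    signature has been verified against the issuer's published keys."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:
        return ["undecodable header or payload"]
    problems = []
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:  # rejects "none", HS256, ...
        problems.append("alg not allowed")
    if claims.get("iss") != expected_issuer:  # exact match pins one account's issuer
        problems.append("issuer mismatch")
    aud = claims.get("aud")
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        problems.append("expired or missing exp")
    return problems

# Placeholder values (assumptions): the page does not give the issuer URL format.
ISSUER_A = "https://issuer-for-account-a.example"
AUDIENCE = "api://constructed-relying-party"
```

Comparing the issuer by exact equality, rather than by prefix or domain suffix, is what keeps a token minted under another account's issuer from being accepted.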
This article is entirely auto-generated while preserving the original presentation content as much as possible. Please note that there may be typos or inaccuracies.
Oh, it's one o'clock. Hey everyone, I hope you're having a great time at re:Invent. So before we get started, quick show of hands, how many of you hate managing passwords, access keys, and long-term credentials in general? All right, that's pretty much everybody in the audience here. So we have some great news for you, a new launch.
My name is Ram Maharajapuram. I am a Senior Software Development Manager and Head of Engineering for Security Token Service, and with me here today is Vaishnavi Merugu, a Senior Product Manager on the team. And we're here to talk to you about our latest launch that makes it easy for you to connect your workloads to external services.
Oftentimes builders have to trade off between security and ease of use, and with this new solution you no longer have to face that dilemma. You now have a native way to exchange your AWS credentials and use them to connect to any third-party services. So this could be other cloud service prov
Source: Dev.to