Since Adobe runs our AEM environment in AWS, we would like Adobe to make use of the AWS security features for my company

Eric_261
Level 1

01-10-2020

Since Adobe runs our AEM environment in AWS, we would like Adobe to make use of the AWS security features for my company. Here are the specifics:

  1. We want to use AWS STS to manage access to the company's Cognito service in AWS to get access to a JWT. This is instead of using CryptoSupport.
  2. We would like to make use of AWS Secrets Manager and/or AWS Parameter Store to protect sensitive data. We would like to use a Customer Managed Key provided by the customer for Secrets Manager and Parameter Store.

Our objective is to prevent developers or Adobe support personnel from seeing any sensitive items like a password, API key, or access credentials. Since AWS has services that meet our needs, we would like Adobe to expose those services to us through the AEM authoring / administrative tools.

4 Comments

Jörg_Hoh
Employee

01-10-2020

Hi,

I think these are topics you need to discuss with your CSE, because that's not standard. Regarding authentication, I would recommend that you switch to using IMS ("AdminConsole") and connect it to your SAML provider. That should address a lot of the needs.

 

https://docs.adobe.com/content/help/en/experience-manager-64/administering/security/ims-config-and-a...

Eric_261
Level 1

02-10-2020

As for SAML, the need is not for interactive logins. The need to use STS is for API access back into our environment. How do you protect secrets used to access APIs from their AEM applications? If you use CryptoSupport, how do you determine if a developer or Adobe support person has accessed or compromised that secret?

hamidk92094312
Employee

02-10-2020

Hi @Eric_261

I suggest discussing your points with the AMS team by contacting your TAM and/or CSE. The extent of this request is beyond AEM and needs a broader understanding and feasibility check. Your participation in this community is appreciated.

hamidk92094312
Employee

16-12-2020

Updating the status accordingly since this is a very specific use case per my prior note.

Status changed to: Declined