AWS IAM vs Oathkeeper: What are the differences?
Developers describe AWS IAM (AWS Identity and Access Management) as "Securely control access to AWS services and resources for your users". Oathkeeper, by contrast, is described as "A cloud native Identity & Access Proxy": an Identity & Access Proxy (IAP) that authenticates and authorizes incoming HTTP requests, inspired by the BeyondCorp / Zero Trust white paper and written in Go.
AWS IAM and Oathkeeper can be primarily classified as "Cloud Access Management" tools, but they sit at different layers: IAM decides whether a principal may call an AWS API against an AWS resource, while Oathkeeper is a reverse proxy (or decision API) placed in front of your own HTTP services.
Some of the features offered by AWS IAM are:
- Manage IAM users and their access - You can create users in IAM, assign them individual security credentials (e.g., access keys, passwords, and Multi-Factor Authentication devices), or request temporary security credentials to give users access to AWS services and resources.
- Manage IAM roles and their permissions - You can create roles in IAM and manage permissions to control which operations can be performed by the entity, or AWS service, that assumes the role. You can also define which entity is allowed to assume the role (the role's trust policy).
- Manage federated users and their permissions - You can enable identity federation to allow existing identities (e.g., users) from your corporate directory or from a third party such as Login with Amazon, Facebook, and Google to access the AWS Management Console, call AWS APIs, and access resources, without creating an IAM user for each identity.
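As an added illustration of the role and permission features above (this is an example written for this comparison, not AWS documentation or code from the page), the following CloudFormation template defines one IAM role. Its trust policy names the single principal allowed to assume it and requires MFA; its permissions policy grants read-only access to one bucket and adds an explicit Deny that wins over any Allow when the request is not made over TLS. The account ID `111122223333`, the user `alice`, the role name and the bucket name are placeholders.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Illustrative IAM role: assumable only by one IAM user with MFA, read-only on one S3 bucket (placeholder names)",
  "Resources": {
    "AuditReadRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "RoleName": "audit-read-role",
        "MaxSessionDuration": 3600,
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "OnlyAliceWithMFA",
              "Effect": "Allow",
              "Principal": { "AWS": "arn:aws:iam::111122223333:user/alice" },
              "Action": "sts:AssumeRole",
              "Condition": {
                "Bool": { "aws:MultiFactorAuthPresent": "true" }
              }
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "audit-read-s3",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Sid": "ReadOneBucket",
                  "Effect": "Allow",
                  "Action": ["s3:GetObject", "s3:ListBucket"],
                  "Resource": [
                    "arn:aws:s3:::example-audit-bucket",
                    "arn:aws:s3:::example-audit-bucket/*"
                  ]
                },
                {
                  "Sid": "DenyPlaintextTransport",
                  "Effect": "Deny",
                  "Action": "s3:*",
                  "Resource": "*",
                  "Condition": {
                    "Bool": { "aws:SecureTransport": "false" }
                  }
                }
              ]
            }
          }
        ]
      }
    }
  }
}
```

Two details matter for least privilege here. The trust policy uses a plain `Bool` test, so if the `aws:MultiFactorAuthPresent` key is absent from the request context (as it is for credentials obtained without MFA) the condition fails and the assume call is refused; `BoolIfExists` would silently pass in that case. And because IAM evaluates an explicit Deny before any Allow, the `DenyPlaintextTransport` statement cannot be overridden by a later, broader grant on the same role.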
On the other hand, Oathkeeper provides the following key features:
- Identify the user and provide the user session to API backends
- Restrict access to certain resources based on a set of rules
- Transform access credentials (e.g. OAuth2 Access Tokens, SAML Assertions, ...) to a format (e.g. JSON Web Token, Plaintext, Basic Authorization, ...) consumable by your API services
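The three Oathkeeper features above map onto the three stages of an Oathkeeper access rule: authenticators identify the caller, an authorizer decides whether the request may proceed, and mutators rewrite the credential the upstream sees. The rule set below is an added example for this comparison, not configuration shipped with Oathkeeper or taken from the page; the hostnames, the issuer URL, the audience `orders-api` and the scope `orders:read` are placeholders.

```json
[
  {
    "id": "orders-read",
    "upstream": {
      "url": "http://orders.internal:8080",
      "preserve_host": true,
      "strip_path": "/api"
    },
    "match": {
      "url": "https://api.example.com/api/orders/<.*>",
      "methods": ["GET"]
    },
    "authenticators": [
      {
        "handler": "jwt",
        "config": {
          "jwks_urls": ["https://issuer.example.com/.well-known/jwks.json"],
          "trusted_issuers": ["https://issuer.example.com"],
          "target_audience": ["orders-api"],
          "required_scope": ["orders:read"],
          "scope_strategy": "exact"
        }
      }
    ],
    "authorizer": { "handler": "allow" },
    "mutators": [
      {
        "handler": "header",
        "config": {
          "headers": {
            "X-User": "{{ print .Subject }}"
          }
        }
      }
    ],
    "errors": [
      { "handler": "json" }
    ]
  },
  {
    "id": "orders-admin-blocked",
    "upstream": {
      "url": "http://orders.internal:8080"
    },
    "match": {
      "url": "https://api.example.com/api/admin/<.*>",
      "methods": ["GET", "POST", "PUT", "DELETE"]
    },
    "authenticators": [
      { "handler": "anonymous" }
    ],
    "authorizer": { "handler": "deny" },
    "mutators": [
      { "handler": "noop" }
    ]
  }
]
```

The first rule accepts only a JWT whose signature verifies against the configured JWKS, whose issuer and audience match, and which carries exactly the `orders:read` scope; the upstream then receives the caller's subject in `X-User` rather than the raw token. The second rule shows restriction by path: anything under `/api/admin/` is refused regardless of credentials. Two caveats a deployer will hit: every handler referenced in a rule (`jwt`, `anonymous`, `allow`, `deny`, `header`, `noop`) must also be enabled in Oathkeeper's main configuration, and the upstream must be reachable only through the proxy, since a header such as `X-User` is trivially spoofable by a client that can bypass it. If the backend expects a signed credential instead of a header, the `id_token` mutator issues a fresh JWT signed by Oathkeeper in place of the `header` mutator.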
Oathkeeper is an open source tool with 1.41K GitHub stars and 62 GitHub forks. Here's a link to Oathkeeper's open source repository on GitHub.