AWS IAM vs Oathkeeper vs Teleport
Overview
Share your Stack
Help developers discover the tools you use. Get visibility for your team's tech choices and contribute to the community's knowledge.
CLI (Node.js)
Manual
Detailed Comparison
It enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. | A cloud native Identity & Access Proxy (IAP) which authenticates and authorizes incoming HTTP requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go. | Teleport makes it easy for users to securely access infrastructure and meet the toughest compliance requirements. Teleport replaces shared credentials with short-lived certificates and is completely transparent to client-side tools. |
Manage IAM users and their access - You can create users in IAM, assign them individual security credentials (i.e., access keys, passwords, and Multi-Factor Authentication devices) or request temporary security credentials to provide users access to AWS services and resources.;Manage IAM roles and their permissions - You can create roles in IAM, and manage permissions to control which operations can be performed by the entity, or AWS service, that assumes the role. You can also define which entity is allowed to assume the role.;Manage federated users and their permissions - You can enable identity federation to allow existing identities (e.g. users) from your corporate directory or from a 3rd party such as Login with Amazon, Facebook, and Google to access the AWS Management Console, to call AWS APIs, and to access resources, without the need to create an IAM user for each identity. | Identify the user and provide the user session to API backends; Restrict access to certain resources based on a set of rules; Transform access credentials (e.g. OAuth2 Access Tokens, SAML Assertions, ...) to a format (e.g. JSON Web Token, Plaintext, Basic Authorization, ...) consumable by your API services | Isolate critical infrastructure and enforce 2FA when accessing SSH servers, Kubernetes clusters, databases, applications, and Windows desktops/servers; Provide role-based access controls (RBAC) using short-lived certificates and your existing identity management service; Log and record session activity for full auditability; Forget about managing keys, VPNs, firewalls, jump boxes, or IPs; Implement protocols such as SSH, RDP, HTTPS, Kubernetes API, MySQL, PostgreSQL, and others; Supports SAML, OIDC |
Statistics | ||
GitHub Stars - | GitHub Stars 3.5K | GitHub Stars - |
GitHub Forks - | GitHub Forks 386 | GitHub Forks - |
Stacks 1.2K | Stacks 4 | Stacks 39 |
Followers 819 | Followers 14 | Followers 55 |
Votes 26 | Votes 0 | Votes 0 |
Pros & Cons | ||
Pros
Cons
| No community feedback yet | No community feedback yet |
What are some alternatives to AWS IAM, Oathkeeper, Teleport?
Identity Management Simplified
Keycloak Enterprise-grade identity & access management, fully managed! Enable user authentication and authorization in minutes, so you can keep growing.
HashiCorp Boundary
Simple and secure remote access — to any system anywhere based on trusted identity. It enables practitioners and operators to securely access dynamic hosts and services with fine-grained authorization without requiring direct network access.
SailPoint
It provides enterprise identity governance solutions with on-premises and cloud-based identity management software for the most complex challenges.
AWS Service Catalog
AWS Service Catalog allows IT administrators to create, manage, and distribute catalogs of approved products to end users, who can then access the products they need in a personalized portal. Administrators can control which users have access to each application or AWS resource to enforce compliance with organizational business policies. AWS Service Catalog allows your organization to benefit from increased agility and reduced costs because end users can find and launch only the products they need from a catalog that you control.
Infra
It enables you to discover and access infrastructure (e.g. Kubernetes, databases). We help you connect an identity provider such as Okta or Azure active directory, and map users/groups with the permissions you set to your infrastructure.
BeyondTrust
It supports a family of privileged identity management, privileged remote access, and vulnerability management products for UNIX, Linux, Windows and Mac OS operating systems.
GCP IAM
It lets you create and manage permissions for Google Cloud resources. IAM unifies access control for Google Cloud services into a single system and presents a consistent set of operations.
Key Vault Access Policy
It determines whether a given service principal, namely an application or user group, can perform different operations on Key Vault secrets, keys, and certificates. You can assign access policies using the Azure portal, the Azure CLI, or Azure PowerShell.
ManageEngine PAM360
It empowers enterprises looking to stay ahead of this growing risk with a robust privileged access management (PAM) program that ensures no privileged access pathway to mission-critical assets is left unmanaged, unknown, or unmonitored.
Thycotic Secret Server
It is an enterprise-grade, privileged access management solution that is quickly deployable and easily managed. You can automatically discover and manage your privileged accounts through an intuitive interface, protecting against malicious activity, enterprise-wide.
