AWS

AWS Configuration

  • Open a session on https://signin.aws.amazon.com with an identity that can administer IAM (the root user works, but an IAM user or role with IAM administrative rights is sufficient and preferable to logging in as root)

  • Click on Services and under the Security, Identity & Compliance tab, click on IAM

  • Click on Identity Providers and then click on Create a provider

    • In Provider type choose SAML

    • Enter the provider name and upload the SAML metadata file of the identity provider (Trustelem); note the exact provider name, it is needed on the Trustelem side

    • Finalize the creation by clicking on Next step and End

  • Go on the Roles tab and click on Create role

    • Select SAML 2.0 federation

    • Choose the SAML provider, check Allow programmatic and AWS Management Console access

    • At the permissions step, attach the policies this role should grant; on the fourth step, choose the role name and click on Create role

Trustelem Configuration

  • Go back to the AWS settings on Trustelem and paste the 12-digit AWS account ID into Subscription ID

  • On the same page, enter the identity provider name exactly as it was created in IAM (it is used to build the provider ARN sent to AWS)

Role Configuration

  • The script below assigns AWS roles to users. To assign roles, edit the script in the app settings so that it returns the names of the IAM roles the user may assume (the names chosen in the Create role wizard); each name must match an IAM role whose trust policy references the SAML provider
// Returns the IAM role names the user may assume; edit it to derive them from the user or their groups
function getRoles(user: User, groups: Groups): string[] {
    return ["Role1", "Role2"];
}

Information

  • Trustelem sends two attributes to AWS in the SAML assertion:

    https://aws.amazon.com/SAML/Attributes/Role, one value per role returned by getRoles, of the form role ARN,provider ARN, i.e. arn:aws:iam::<account ID>:role/<role name>,arn:aws:iam::<account ID>:saml-provider/<provider name>, built from the Subscription ID and the identity provider name entered above
    
    https://aws.amazon.com/SAML/Attributes/RoleSessionName with value user.email (AWS accepts 2 to 64 characters matching [\w+=,.@-], so an unusually long address is rejected)
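The following is an added example, not Trustelem's or AWS's own code, covering both the Role Configuration and Information sections above: a getRoles that derives IAM role names from the user's groups instead of returning fixed names, together with the construction and validation of the two SAML attribute values AWS expects. The User and Groups shapes, the group names, the role names, the account ID and the provider name are assumptions made for the example; the real Trustelem types may differ.

```typescript
// Added example (not Trustelem's or AWS's own code).
// Assumed shapes of the objects passed to the Trustelem getRoles hook.
interface User {
  email: string;
}
// Assumed: the groups the user belongs to, each with a name.
type Groups = { name: string }[];

// Assumed mapping from Trustelem group name to the IAM role name created in
// the IAM wizard. Users in no mapped group get no role at all.
const ROLE_BY_GROUP: Record<string, string> = {
  "aws-admins": "TrustelemAdmin",
  "aws-readonly": "TrustelemReadOnly",
};

function getRoles(user: User, groups: Groups): string[] {
  // Without an e-mail there is no RoleSessionName, so grant nothing.
  if (!user.email) {
    return [];
  }
  const roles = new Set<string>();
  for (const g of groups) {
    const role = ROLE_BY_GROUP[g.name];
    if (role !== undefined) {
      roles.add(role);
    }
  }
  // Sorted so the result is deterministic regardless of group order.
  return Array.from(roles).sort();
}

// Value of https://aws.amazon.com/SAML/Attributes/Role for one role:
// "<role ARN>,<provider ARN>". accountId is the Subscription ID and
// providerName the identity provider name entered in the Trustelem settings.
function roleAttributeValue(accountId: string, providerName: string, roleName: string): string {
  if (!/^\d{12}$/.test(accountId)) {
    throw new Error(`invalid AWS account ID: ${accountId}`);
  }
  return `arn:aws:iam::${accountId}:role/${roleName},arn:aws:iam::${accountId}:saml-provider/${providerName}`;
}

// AWS accepts RoleSessionName values of 2 to 64 characters matching [\w+=,.@-];
// an e-mail address normally fits, but an over-long one is rejected by AWS.
function roleSessionName(user: User): string {
  const name = user.email;
  if (!/^[\w+=,.@-]{2,64}$/.test(name)) {
    throw new Error(`e-mail not usable as RoleSessionName: ${name}`);
  }
  return name;
}

// Assembles the two attributes sent to AWS; fails early for a user who would
// otherwise produce an assertion without any Role value.
function awsSamlAttributes(user: User, groups: Groups, accountId: string, providerName: string): Record<string, string[]> {
  const roles = getRoles(user, groups);
  if (roles.length === 0) {
    throw new Error(`${user.email} is in no group mapped to an AWS role`);
  }
  return {
    "https://aws.amazon.com/SAML/Attributes/Role": roles.map((r) => roleAttributeValue(accountId, providerName, r)),
    "https://aws.amazon.com/SAML/Attributes/RoleSessionName": [roleSessionName(user)],
  };
}

// Constructed sample input (not real data).
const sampleUser: User = { email: "alice@example.com" };
const sampleGroups: Groups = [{ name: "aws-readonly" }, { name: "hr" }, { name: "aws-admins" }];

console.log(JSON.stringify(awsSamlAttributes(sampleUser, sampleGroups, "123456789012", "Trustelem"), null, 2));
```

Keeping the mapping in a table rather than returning fixed names means a user who leaves the aws-admins group loses the admin role at the next login, and a user in no mapped group is refused before an assertion without a Role attribute reaches AWS, where the login would fail with a less informative error.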