SAML.to
Search
⌃K

Adding Roles

Prerequisites

Ensure SAML.to is installed to your GitHub Organization or User Account

Add or Update an IAM Role

Create a new role
  1. 1.
    Navigate to AWS IAM Roles
  2. 2.
    Click Create Role
    1. 1.
      Trusted entity type: SAML 2.0 federation
    2. 2.
      SAML 2.0-based provider: Choose the provider.
      1. 1.
        If SAML.to isn't in the list, add SAML.to to the AWS account first.
    3. 3.
      Allow programmatic and AWS Management Console access
    4. 4.
      Attribute: SAML:aud
    5. 5.
      Value: https://signin.aws.amazon.com/saml
  3. 3.
    Continue the remaining steps to create the role
  4. 4.
    Copy the Role ARN
Use an existing role
  1. 1.
    Copy the Provider ARN of SAML.to from AWS IAM Providers
    1. 1.
      If SAML.to isn't in the list, add SAML.to to the AWS account first.
  2. 2.
    Choose a role in AWS IAM Roles
  3. 3.
    Click the Trust Relationships tab
  4. 4.
    Click Edit trust policy
  5. 5.
    Add a Statement, update the policy, and make note of the Provider ARN
{
"Effect": "Allow",
"Principal": {
"Federated": "THE_PROVIDER_ARN"
},
"Action": "sts:AssumeRoleWithSAML",
"Condition": {
"StringEquals": {
"SAML:aud": "https://signin.aws.amazon.com/saml"
}
}
}

Update saml-to.yml

Add the following the following block to permissions.aws.roles to saml-to.yml:
- name: THE-ROLE-ARN
provider:
variables:
providerArn: THE-PROVIDER-ARN
users:
github:
- some-github-user
- another-github-user
repos:
github:
- some-repo
- another-org/some-other-repo
Previous
Adding AWS Accounts
Next
Roles for GitHub Actions
Last modified 3mo ago