Adding Roles
1. Click Create Role.
   1. Trusted entity type: SAML 2.0 federation
   2. SAML 2.0-based provider: choose the provider.
   3. Allow programmatic and AWS Management Console access (choosing this option is what makes the console fill in the attribute and value below).
   4. Attribute: `SAML:aud`
   5. Value: `https://signin.aws.amazon.com/saml`
2. Continue the remaining steps to create the role.
3. Copy the Role ARN; it is needed for `saml-to.yml` later.
4. Open the role and click the Trust Relationships tab.
5. Click Edit trust policy.
6. Add the following Statement, update the policy, and make note of the Provider ARN (the `Federated` principal, an ARN of the form `arn:aws:iam::ACCOUNT_ID:saml-provider/NAME`). The `SAML:aud` condition restricts the role to assertions whose audience is the AWS sign-in endpoint; do not drop it.
```json
{
  "Effect": "Allow",
  "Principal": {
    "Federated": "THE_PROVIDER_ARN"
  },
  "Action": "sts:AssumeRoleWithSAML",
  "Condition": {
    "StringEquals": {
      "SAML:aud": "https://signin.aws.amazon.com/saml"
    }
  }
}
```
Add the following block to `permissions.aws.roles` in `saml-to.yml`, where `THE-ROLE-ARN` is the Role ARN copied above and `THE-PROVIDER-ARN` is the Provider ARN from the trust policy:

```yaml
- name: THE-ROLE-ARN
  provider:
    variables:
      providerArn: THE-PROVIDER-ARN
  users:
    github:
      - some-github-user
      - another-github-user
  repos:
    github:
      - some-repo
      - another-org/some-other-repo
```
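The trust policy and the `saml-to.yml` entry have to agree: the `Federated` principal must be the same provider ARN as `provider.variables.providerArn`, the action must be `sts:AssumeRoleWithSAML`, and the `SAML:aud` condition must be present. The following lint script is an added example, not part of saml.to or the AWS console; the account ID, provider name and role name in it are hypothetical, and the role entry is the YAML block above written as the dict a YAML loader would return. It flags a trust policy that lost the audience condition, a principal that is not a SAML provider, and a provider ARN that does not match the config.

```python
"""Consistency check between an IAM role trust policy and a saml-to role entry.

Example code added here; not part of saml.to or AWS. All ARNs are constructed
samples, not real account resources.
"""
import json

# Audience the IAM console sets when you pick
# "Allow programmatic and AWS Management Console access".
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def lint_trust_policy(policy: dict, provider_arn: str) -> list:
    """Return human-readable findings; an empty list means every Allow of
    sts:AssumeRoleWithSAML names provider_arn as a Federated SAML provider
    and requires the AWS sign-in audience."""
    findings = []
    saml_stmts = [
        s for s in _as_list(policy.get("Statement"))
        if s.get("Effect") == "Allow"
        and any(a in ("sts:AssumeRoleWithSAML", "sts:*")
                for a in _as_list(s.get("Action")))
    ]
    if not saml_stmts:
        return ["no Allow statement for sts:AssumeRoleWithSAML"]
    for stmt in saml_stmts:
        principal = stmt.get("Principal")
        federated = (_as_list(principal.get("Federated"))
                     if isinstance(principal, dict) else [])
        if not federated:
            findings.append("Principal is not a Federated SAML provider")
        for arn in federated:
            if not (arn.startswith("arn:aws:iam::") and ":saml-provider/" in arn):
                findings.append(f"Federated principal is not a SAML provider ARN: {arn}")
        if federated and provider_arn not in federated:
            findings.append("Federated principal does not match providerArn in saml-to.yml")
        cond = (stmt.get("Condition") or {}).get("StringEquals") or {}
        if _as_list(cond.get("SAML:aud")) != [SAML_AUDIENCE]:
            findings.append("missing or wrong SAML:aud condition")
    return findings


def lint_role_entry(entry: dict) -> list:
    """Check one permissions.aws.roles entry has a role ARN, a providerArn
    and at least one grantee."""
    findings = []
    name = entry.get("name", "")
    if not (name.startswith("arn:aws:iam::") and ":role/" in name):
        findings.append(f"name is not a role ARN: {name!r}")
    variables = (entry.get("provider") or {}).get("variables") or {}
    if "providerArn" not in variables:
        findings.append("provider.variables.providerArn is missing")
    if not entry.get("users") and not entry.get("repos"):
        findings.append("role grants access to no users or repos")
    return findings


def check(policy_json: str, entry: dict) -> list:
    """Lint both halves and cross-check the provider ARN between them."""
    findings = lint_role_entry(entry)
    variables = (entry.get("provider") or {}).get("variables") or {}
    findings += lint_trust_policy(json.loads(policy_json), variables.get("providerArn", ""))
    return findings


# Constructed sample: the page's statement wrapped in a full policy document.
PROVIDER_ARN = "arn:aws:iam::123456789012:saml-provider/saml-to"  # hypothetical
STATEMENT = {
    "Effect": "Allow",
    "Principal": {"Federated": PROVIDER_ARN},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
}
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [STATEMENT]})
# Same statement with the audience condition dropped.
WEAK_POLICY = json.dumps({"Version": "2012-10-17",
                          "Statement": [{k: v for k, v in STATEMENT.items() if k != "Condition"}]})

ROLE_ENTRY = {  # the YAML block above, as a YAML loader would return it
    "name": "arn:aws:iam::123456789012:role/saml-to-admin",  # hypothetical
    "provider": {"variables": {"providerArn": PROVIDER_ARN}},
    "users": {"github": ["some-github-user", "another-github-user"]},
    "repos": {"github": ["some-repo", "another-org/some-other-repo"]},
}

if __name__ == "__main__":
    print("good:", check(GOOD_POLICY, ROLE_ENTRY))
    print("weak:", check(WEAK_POLICY, ROLE_ENTRY))
```

Run it against the trust policy exported with `aws iam get-role` and the matching entry from your own `saml-to.yml` before committing the config; the most common drift is a provider ARN edited in one place but not the other.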