to your GitHub Organization or User Account
Navigate to
Click Create Role
Trusted entity type: SAML 2.0 federation
SAML 2.0-based provider: Choose the provider.
If SAML.to isn't in the list, .
Allow programmatic and AWS Management Console access
Attribute: SAML:aud
Value: https://signin.aws.amazon.com/saml
Continue the remaining steps to create the role
Copy the Role ARN
Copy the Provider ARN of SAML.to from
Choose a role in
Click the Trust Relationships tab
Click Edit trust policy
Add a Statement, update the policy, and make note of the Provider ARN
{
  "Effect": "Allow",
  "Principal": {
    "Federated": "THE_PROVIDER_ARN"
  },
  "Action": "sts:AssumeRoleWithSAML",
  "Condition": {
    "StringEquals": {
      "SAML:aud": "https://signin.aws.amazon.com/saml"
    }
  }
}
Add the following block to permissions.aws.roles in saml-to.yml:
- name: THE-ROLE-ARN
  provider:
    variables:
      providerArn: THE-PROVIDER-ARN
  users:
    github:
      - some-github-user
      - another-github-user
  repos:
    github:
      - some-repo
      - another-org/some-other-repo
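
A check for the trust policy statement shown earlier, as an added example that is not part of the SAML.to documentation: it audits a role trust policy document and reports any sts:AssumeRoleWithSAML statement that trusts a different provider or does not pin SAML:aud. The function name, the provider ARN and both sample policies are constructed for illustration.

```python
import fnmatch

AWS_SAML_AUD = "https://signin.aws.amazon.com/saml"  # value given on this page
# Constructed placeholder ARN, not a real provider.
PROVIDER_ARN = "arn:aws:iam::123456789012:saml-provider/EXAMPLE-PROVIDER"


def _as_list(value):
    """IAM accepts a single string or a list in these fields."""
    return value if isinstance(value, list) else [value]


def audit_saml_trust(policy, provider_arn):
    """Return findings for the SAML statements of a role trust policy.

    An empty list means every Allow statement covering sts:AssumeRoleWithSAML
    trusts only provider_arn and pins SAML:aud to the AWS sign-in endpoint.
    """
    findings, seen = [], 0
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        # Action names are case-insensitive and may use wildcards ("sts:*").
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        covers_saml = any(fnmatch.fnmatchcase("sts:assumerolewithsaml", a) for a in actions)
        if stmt.get("Effect") != "Allow" or not covers_saml:
            continue
        seen += 1
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated", []) if isinstance(principal, dict) else principal
        if _as_list(federated) != [provider_arn]:
            findings.append(f"Statement {i}: Federated principal {federated!r} is not exactly {provider_arn}")
        # Condition key names are case-insensitive in IAM.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        aud = {k.lower(): v for k, v in equals.items()}.get("saml:aud")
        if aud is None or _as_list(aud) != [AWS_SAML_AUD]:
            findings.append(f"Statement {i}: SAML:aud is not pinned to {AWS_SAML_AUD}")
    if seen == 0:
        findings.append("No Allow statement for sts:AssumeRoleWithSAML")
    return findings


# Constructed sample: the statement from this page with the placeholder ARN filled in.
GOOD = {"Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": PROVIDER_ARN},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUD}},
}]}
# Constructed weak variant: the same statement with the Condition block dropped.
WEAK = {"Statement": [{k: v for k, v in GOOD["Statement"][0].items() if k != "Condition"}]}
```

To run it against a real role, pass the parsed trust policy JSON and the Provider ARN copied in the steps above.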