Difference between revisions of "Sts:AssumeRoleWithSAML"
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{lowercase}} | {{lowercase}} | ||
[[sts]]:AssumeRoleWithSAML | [[sts]]:AssumeRoleWithSAML | ||
+ | |||
+ | |||
+ | assume_role_policy = jsonencode({ | ||
+ | "Version": "2012-10-17", | ||
+ | "Statement": [ | ||
+ | { | ||
+ | "Effect": "Allow", | ||
+ | "Principal": { | ||
+ | "Federated": "arn:aws:iam::01234567980:[[saml-provider]]/YourGoogleAppsApp" | ||
+ | }, | ||
+ | "Action": "sts:AssumeRoleWithSAML", | ||
+ | "Condition": { | ||
+ | "StringEquals": { | ||
+ | "SAML:aud": "https://signin.aws.amazon.com/saml" | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | ] | ||
== Related == | == Related == | ||
* [[SAML Role Attribute]] | * [[SAML Role Attribute]] | ||
− | * [[assume-role-with-saml]] | + | * <code>[[assume-role-with-saml]]</code> |
* [[Not authorized to perform sts:AssumeRoleWithSAML]] | * [[Not authorized to perform sts:AssumeRoleWithSAML]] | ||
− | * [[assume_role_policy]] | + | * <code>[[assume_role_policy]]</code> |
== See also == | == See also == | ||
+ | * {{aws_iam_role_resource}} | ||
* {{aws sts}} | * {{aws sts}} | ||
* {{AWS SAML}} | * {{AWS SAML}} | ||
[[Category:AWS]] | [[Category:AWS]] |
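Review bot: the added assume_role_policy block is left open. After the `]` that closes "Statement" there is no `})` to end the policy object and the jsonencode( call, so the snippet fails to parse if copied into an aws_iam_role resource; add the closing `})` on its own line. In the rendered revision the policy also appears on a single line, so wrapping the added lines in a preformatted block would keep the line breaks. Separately, the account id in the Federated ARN (01234567980) has 11 digits where AWS account ids have 12, so the placeholder is worth changing to a 12-digit value.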
Latest revision as of 09:15, 5 July 2024
sts:AssumeRoleWithSAML
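# Trust policy: principals federated through the SAML provider may assume the role
assume_role_policy = jsonencode({
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::01234567980:saml-provider/YourGoogleAppsApp"
      },
      "Action": "sts:AssumeRoleWithSAML",
      "Condition": {
        # Only accept assertions whose audience is the AWS sign-in SAML endpoint
        "StringEquals": {
          "SAML:aud": "https://signin.aws.amazon.com/saml"
        }
      }
    }
  ]
})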
Related
- SAML Role Attribute
- assume-role-with-saml
- Not authorized to perform sts:AssumeRoleWithSAML
- assume_role_policy
See also
- aws_iam_role: assume_role_policy, iam:CreateRole
- AWS STS (sts:), aws sts [ get-session-token | get-caller-identity | assume-role | assume-role-with-web-identity | assume-role-with-saml | get-access-key-info ]
- SAML, IdP, AWS SAML, AWS IAM, AWS SAML endpoint, SAML:EduPersonOrgDN, SAML Role Attribute, assume-role-with-saml