Contains some scripts to integrate a SAML IDP with an AWS account and enable roles called administrator and readonly
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
create_saml_aws.sh
idp.xml
shibpolicy.json

README.md

aws-saml-scripts

This repo will contain some scripts to integrate a SAML IDP with an AWS account and enable roles called administrator and readonly. This is only part of a two step process when integrating an AWS account with a SAML provider. The SAML IDP will still need to be configured to release the appropriate attributes and values.

  1. make sure the ~/.aws/credential file has the appropriate key for the account intended to be integrated
  2. modify shibpolicy.json
    • change the AWS account number (123456789012) to the actual number
    • change the value after saml-provider/ to the name you want to call the IDP (defaults to login.at.internet2.edu)
  3. put the IDP metadata in idp.xml (right now, it contains the IDP metdata for login.at.internet.edu, the ICP SAML Proxy)
  4. run the create script:
    • ICP integration: create_saml_aws.sh login.at.internet2.edu
    • or: create_saml_aws.sh idp_name