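#!/bin/sh
# Register a SAML identity provider in an AWS account and create the two IAM
# roles (administrator, readonly) that federated users may assume through it.
#
# Usage:    create_saml_aws.sh name_of_idp aws_profile
# Inputs:   ./idp.xml          - SAML metadata document of the IdP
#           ./shibpolicy.json  - trust (assume-role) policy used for both roles
# Requires: an AWS CLI profile whose IAM identity may create providers/roles.
# Exit:     0 when every step succeeds, 1 on bad arguments or any failed step.
set -u

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Both positional arguments are used below; the old usage line only named the
# first one, so a missing profile was not caught until the CLI call failed.
[ "$#" -eq 2 ] || die "Usage: $0 name_of_idp aws_profile"
idp_name=$1
profile=$2

# Fail early if the input documents are not in the working directory.
[ -r idp.xml ] || die "idp.xml not found in $(pwd)"
[ -r shibpolicy.json ] || die "shibpolicy.json not found in $(pwd)"

# call to create the saml provider in the AWS accounts
if ! aws iam create-saml-provider --saml-metadata-document file://idp.xml \
    --name "$idp_name" --profile "$profile"; then
  die "creation failed, read the readme and make sure you have an IAM role to perform this action"
fi

# create iam roles that saml users can assume, currently administrator or readonly roles:
# Every step is checked so that a half-created role (created but without its
# managed policy attached) is reported instead of silently passing.
for spec in "administrator:arn:aws:iam::aws:policy/AdministratorAccess" \
            "readonly:arn:aws:iam::aws:policy/ReadOnlyAccess"; do
  role=${spec%%:*}      # text before the first ':'
  policy_arn=${spec#*:} # everything after the first ':'
  aws iam create-role --role-name "$role" \
    --assume-role-policy-document file://shibpolicy.json --profile "$profile" \
    || die "creating role $role failed"
  aws iam attach-role-policy --role-name "$role" --policy-arn "$policy_arn" \
    --profile "$profile" \
    || die "attaching $policy_arn to role $role failed"
done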