Update create_saml_aws.sh

internet2 · Oct 4, 2018 · 883a099 · 883a099
1 parent c78969e
commit 883a099
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/create_saml_aws.sh b/create_saml_aws.sh
@@ -2,14 +2,15 @@
 
 [ $# -eq 0 ] && { echo "Usage: $0 name_of_idp "; exit 1; }
 
-
+# call to create the saml provider in the AWS accounts
 aws iam create-saml-provider --saml-metadata-document file://idp.xml --name $1
 if [ $? -ne -1 ]
   then
     echo "creation failed, read the readme and make sure you have an IAM role to perform this action"
     exit 1
 fi
 
+# create iam roles that saml users can assume:
 aws iam create-role --role-name administrator --assume-role-policy-document file://shibpolicy.json
 aws iam attach-role-policy --role-name administrator --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
 aws iam create-role --role-name readonly --assume-role-policy-document file://shibpolicy.json