Creating a federation role in Amazon Web Services
About this task
Create a federation role in Amazon Web Services (AWS) that uses PingFederate as an identity provider.
For detailed configuration information, see Creating a Role for SAML 2.0 Federation (Console) in the AWS documentation.
Steps
- In the Amazon Web Services IAM console, on the Roles screen, click Create role.
- On the Create Role screen, click SAML 2.0 federation.
- In the SAML Provider list, select the identity provider that you created in Creating an identity provider in Amazon Web Services.
- Select one of the following SAML 2.0 access methods, and then click Next: Permissions.
  - To create a role that can be assumed programmatically from the AWS API or AWS CLI, select Allow programmatic access only.
  - To create a role that can be assumed programmatically and from the console, select Allow programmatic and AWS Management Console access.
- On the Attach permissions policy screen, select or create a permissions policy. Click Next: Tagging.
  For more information about creating policies, see Creating IAM Policies in the AWS documentation.
- On the Tagging screen, click Next: Review.
- On the Review screen, in the Role name field, type a unique name for the federation role. Click Create role.
- On the Roles screen, select the role that you created, and note the Role ARN.
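The role created by the steps above carries a trust policy that names the SAML provider as its federated principal. As an added example (not part of this page, and not Ping Identity or AWS code), the Python below builds that trust policy and reviews one fetched from an existing role, so that a federation role only trusts the intended provider. The account ID 123456789012 and the provider name PingFederate are placeholders, and the review assumes the role is meant for console access, so the SAML:aud condition is expected to pin the assertion audience to the AWS sign-in endpoint.

```python
import json

SAML_ACTION = "sts:AssumeRoleWithSAML"
CONSOLE_AUDIENCE = "https://signin.aws.amazon.com/saml"


def provider_arn(account_id: str, provider_name: str) -> str:
    """ARN of the SAML provider created earlier (placeholder values in the test)."""
    return f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"


def build_trust_policy(account_id: str, provider_name: str, console_access: bool) -> dict:
    """Trust policy for the federation role. For console access the assertion
    audience is pinned to the AWS sign-in endpoint via the SAML:aud condition."""
    statement = {
        "Effect": "Allow",
        "Principal": {"Federated": provider_arn(account_id, provider_name)},
        "Action": SAML_ACTION,
    }
    if console_access:
        statement["Condition"] = {"StringEquals": {"SAML:aud": CONSOLE_AUDIENCE}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def trust_policy_findings(policy: dict, expected_provider_arn: str) -> list:
    """Review a role trust policy (e.g. the AssumeRolePolicyDocument returned by
    `aws iam get-role`) and return the issues a defender would want fixed."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if SAML_ACTION not in actions:
            continue
        federated = stmt.get("Principal", {}).get("Federated")
        if federated != expected_provider_arn:
            findings.append(f"unexpected federated principal: {federated}")
        audience = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if audience != CONSOLE_AUDIENCE:
            findings.append("SAML:aud is not pinned to the AWS sign-in endpoint")
    return findings


if __name__ == "__main__":
    # Constructed placeholder values; substitute your own account and provider name.
    print(json.dumps(build_trust_policy("123456789012", "PingFederate", True), indent=2))
```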