Amazon

Creating a federation role in Amazon Web Services

About this task

Create a federation role in Amazon Web Services (AWS) that uses PingFederate as an identity provider.

For detailed configuration information, see Creating a Role for SAML 2.0 Federation (Console) in the AWS documentation.

Steps

  1. In the Amazon Web Services IAM console, on the Roles screen, click Create role.

  2. On the Create Role screen, click Saml 2.0 federation.

  3. In the SAML Provider list, select the identity provider that you created in Creating an identity provider in Amazon Web Services.

  4. Select one of the following SAML 2.0 access methods, and then click Next: Permissions.

    • To create a role that can be assumed programmatically from the AWS API or AWS CLI, select Allow programmatic access only.

    • To create a role that can be assumed programmatically and from the console, select Allow programmatic and AWS Management Console access.

  5. On the Attach permissions policy screen, select or create a permissions policy. Click Next: Tagging.

    For more information about creating policies, see Creating IAM Policies in the AWS documentation.

  6. On the Tagging screen, click Next: Review.

  7. On the Review screen, in the Role name field, type a unique name for the federation role. Click Create role.

  8. On the Roles screen, select the role that you created, and note the Role ARN.