This use case shows you how to use PingFederate to issue a token to Amazon Web Services (AWS) to authenticate an end-user for API access.
You can automate getting the AWS Access Key ID and AWS Secret Access Key (which are your account credentials) by using PingFederate to authenticate against the user store (such as Active Directory), get a SAML assertion to federate into AWS, and then exchange the SAML assertion for an access token to run CLI commands against AWS.
Component
PingFederate 9.2
Before you begin
Make sure of the following:
- PingFederate 9.2 is installed and running.
- You have a functioning AWS SP SAML connection in PingFederate. To accomplish this, install the AWS Connector and the AWS CLI tool. For documentation on the AWS Command Line Interface (CLI), see the Amazon CLI User Guide.
Note: The CLI tool is installed on your hard drive (usually in a hidden folder) and includes two files: config and credentials. The credentials file is where the ID and Key are stored, and it looks similar to this:
aws_access_key_id = ARIAIY4DSCACQLFZSULQ
aws_secret_access_key = /zf8dHb2FDJQ0IPxQZeoOLftZ5gif0ve6f8gibtu