In CloudFormation, how to associate trusted entities with identity providers for an IAM role

I am trying to create IAM roles that Azure AD will use to host SSO.

I have created a CFT with an IAM role, and now I want it to be associated only with the SAML identity provider I created.

{
  "Resources": {
    "FullAdminXME": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "Description": "SAML Role for Azure AD SSO",
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AdministratorAccess"
        ]
      }
    }
  }
}

There is also a way for me to create the SAML identity provider using CloudFormation.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html

Example ARN of the identity provider:

arn:aws:iam::123456789012:saml-provider/MyUniversity

I only want to bind to the SAML identity provider.

"Statement": [
  {
    "Effect": "Allow",
    "Principal": {
      "Service": [
        "ec2.amazonaws.com"
      ]
    },
    "Action": [
      "sts:AssumeRole"
    ]
  }
]

I have figured it out, see the code below:

{
  "Parameters": {
    "SAMLID": {
      "Type": "String",
      "Description": "ARN of the SAML identity provider, e.g. arn:aws:iam::123456789012:saml-provider/MyUniversity"
    }
  },
  "Resources": {
    "FullAdminXME": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "Description": "SAML Role for Azure AD SSO",
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Federated": { "Ref": "SAMLID" }
              },
              "Action": "sts:AssumeRoleWithSAML",
              "Condition": {
                "StringEquals": {
                  "SAML:aud": "https://signin.aws.amazon.com/saml"
                }
              }
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AdministratorAccess"
        ]
      }
    }
  }
}
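The answer above swaps the EC2 service principal for a Federated principal that refers to the SAML provider, restricts the action to sts:AssumeRoleWithSAML, and pins the SAML:aud condition. The following is an added example, not code from the question or the answer: it generates a complete template in which the provider itself is an AWS::IAM::SAMLProvider resource (Ref on that resource type returns the provider ARN, which is what the Federated principal needs), and it audits the trust policy of every role in a template so the original EC2-trusting version is flagged while the corrected one passes. The provider name "AzureAD", the placeholder metadata document, and the audit rules are assumptions made for this example.

```python
"""Added example: build a CloudFormation template that ties an IAM role to a SAML
provider, and audit role trust policies so an SSO role is assumable only via SAML."""
import json

# Audience the AWS sign-in endpoint expects in the assertion (commercial partition).
SIGNIN_AUD = "https://signin.aws.amazon.com/saml"


def build_template(saml_metadata_xml: str, role_name: str = "FullAdminXME") -> dict:
    """Template with an AWS::IAM::SAMLProvider and a role that trusts only it.

    The provider name "AzureAD" is an assumption for this example; the metadata
    document is whatever the IdP (here Azure AD) exported.
    """
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "SAMLID": {
                "Type": "AWS::IAM::SAMLProvider",
                "Properties": {"Name": "AzureAD", "SamlMetadataDocument": saml_metadata_xml},
            },
            role_name: {
                "Type": "AWS::IAM::Role",
                "Properties": {
                    "Description": "SAML Role for Azure AD SSO",
                    "AssumeRolePolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [
                            {
                                "Effect": "Allow",
                                # Ref on an AWS::IAM::SAMLProvider resolves to its ARN.
                                "Principal": {"Federated": {"Ref": "SAMLID"}},
                                "Action": "sts:AssumeRoleWithSAML",
                                "Condition": {"StringEquals": {"SAML:aud": SIGNIN_AUD}},
                            }
                        ],
                    },
                    "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AdministratorAccess"],
                },
            },
        },
    }


def _as_list(value):
    """IAM policy grammar accepts a single value wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def _is_saml_provider(principal, resources: dict) -> bool:
    """True for a literal saml-provider ARN or a Ref to an AWS::IAM::SAMLProvider."""
    if isinstance(principal, str):
        return ":saml-provider/" in principal
    if isinstance(principal, dict) and "Ref" in principal:
        return resources.get(principal["Ref"], {}).get("Type") == "AWS::IAM::SAMLProvider"
    return False


def audit_trust_policies(template: dict) -> dict:
    """Map each AWS::IAM::Role logical ID to a list of findings (empty means SAML-only)."""
    resources = template.get("Resources", {})
    report = {}
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        findings = []
        doc = res.get("Properties", {}).get("AssumeRolePolicyDocument", {})
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal", {})
            # A service, an account/user ARN, or "*" lets a non-IdP caller assume the role.
            if principal == "*" or (isinstance(principal, dict)
                                    and any(k in principal for k in ("Service", "AWS"))):
                findings.append(f"non-federated principal {principal!r} can assume the role")
            federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
            for fed in federated:
                if not _is_saml_provider(fed, resources):
                    findings.append(f"Federated principal {fed!r} is not a SAML provider")
            actions = _as_list(stmt.get("Action", []))
            if any(action != "sts:AssumeRoleWithSAML" for action in actions):
                findings.append(f"actions {actions} are not limited to sts:AssumeRoleWithSAML")
            # The audience check pins the statement to assertions issued for AWS sign-in.
            aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
            if aud != SIGNIN_AUD:
                findings.append("missing or wrong SAML:aud condition")
        report[logical_id] = findings
    return report


# Constructed for this example: the role as it appeared in the question, whose trust
# policy lets EC2 (not the identity provider) assume an AdministratorAccess role.
EC2_TRUST_TEMPLATE = {
    "Resources": {
        "FullAdminXME": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow",
                                   "Principal": {"Service": ["ec2.amazonaws.com"]},
                                   "Action": ["sts:AssumeRole"]}],
                },
                "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AdministratorAccess"],
            },
        }
    }
}

if __name__ == "__main__":
    print(json.dumps(build_template("<EntityDescriptor/>"), indent=2))  # placeholder metadata
    print(audit_trust_policies(EC2_TRUST_TEMPLATE))
```

Running the audit against the question's template reports three findings (a Service principal, an action other than sts:AssumeRoleWithSAML, and no SAML:aud condition); the generated template reports none. Feeding real IdP metadata into build_template and writing the JSON to a file gives a template that can be passed to the CloudFormation CLI or console as usual.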