...
Cornell AWS account owners can create custom AWS IAM roles and have them linked to Cornell AD so that users with Cornell NetIDs can use Shibboleth to authenticate to AWS and be granted the privileges in the custom role.
Using CloudFormation?
If you use or would like to try using CloudFormation to do this task, this example CloudFormation template sets up a new role (shib-dba) and assigns privileges to it. You could modify that template to customize the role name and the privileges assigned for some other type of custom role. If you take that route, you'll still need to email cloud-support@cornell.edu with the information necessary for the Cloud Team to set up the corresponding Active Directory group for Shibboleth to use.
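For orientation, here is an added example of what a CloudFormation template for a role like shib-dba can look like. It is not the template linked from this page and not Cornell's own code. Assumptions: the `SamlProviderName` parameter stands in for the name of the SAML identity provider already configured in your account, and the attached read-only RDS managed policy and one-hour session limit are illustrative choices for a DBA-style role.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: custom IAM role assumed through SAML (Shibboleth) federation.

Parameters:
  SamlProviderName:
    Type: String
    Description: >-
      Assumption: name of the IAM SAML identity provider that already exists
      in this account (see IAM > Identity providers). No default is given on purpose.

Resources:
  ShibDbaRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: shib-dba            # role name used on this page
      MaxSessionDuration: 3600      # illustrative: one-hour console/CLI sessions
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Trust only the account's SAML provider, and only assertions
          # issued for the AWS sign-in endpoint. No IAM user or other
          # account can assume this role.
          - Effect: Allow
            Principal:
              Federated: !Sub "arn:aws:iam::${AWS::AccountId}:saml-provider/${SamlProviderName}"
            Action: sts:AssumeRoleWithSAML
            Condition:
              StringEquals:
                "SAML:aud": "https://signin.aws.amazon.com/saml"
      # Illustrative privilege set; replace with the least privilege the role needs.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess

Outputs:
  RoleArn:
    Description: ARN of the custom role
    Value: !GetAtt ShibDbaRole.Arn
```

Because the template sets an explicit `RoleName`, the stack must be created with the `CAPABILITY_NAMED_IAM` capability acknowledged. Creating the role does not by itself grant anyone access: users can only reach it once the matching Active Directory group exists and they are members of it.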
Create a Custom Role
Follow these steps to create a new custom role in your AWS account:
...