...
- Send an email to cloud-support@cornell.edu with the following information:
- The name of your new role. In this example, that's "shib-example".
- The 12-digit account number of your AWS account.
- The name of the Cornell unit associated with the account (e.g. CALS).
- An initial list of Cornell netids you wish to be able to use this role in your account.
- Note: While we would all like to be able to simply reference another AD group here, the Shibboleth integration does not allow it. We really need that list of individual users.
- A list of Cornell netids you wish to be able to manage the users in this newly created AD group.
- The Cloudification services team will create a new AD group with the name structured like CIT-<AWS account number>-role. In the above example, the cloud team would create an AD group named "CIT-095493758574-example". You will receive notification when the AD group is created. You will also receive information about how to manage the members of that group when you want to make changes.
- Now your new custom role is ready to use. We suggest sending an email to the people who will be using it, and have them login to the AWS Web Console using this URL: http://signin.aws.cucloud.net/. If those people have access to only one role in one AWS account, they will automatically be sent to the AWS Web Console assuming that role. If a person has access to more than one "shib" role, they will be asked which role they want to assume after they login.
...