Versions Compared


...

  1. Log in to your AWS account through the AWS Web console. The link http://signin.aws.cucloud.net will take you to your account.
  2. Now navigate to the IAM service dashboard and click on "Roles" in the left navigation. Alternatively, just click on this link to get there: https://console.aws.amazon.com/iam/home?region=us-east-1#/roles
  3. Click on the "Create New Role" button.
  4. Enter a name for the new role. The name must begin with the prefix "shib-" and contain no other hyphens, e.g. "shib-example". Click "Next Step".
  5. For the next step, select "Role for Identity Provider Access" and then click on "Select" for "Grant Web Single Sign-On (WebSSO) access to SAML providers".
  6. Select "SAML 2.0 federation" for "type of trusted entity".
  7. On the next screen, select "cornell_idp" for the value of "SAML provider".
  8. Select "Allow programmatic and AWS Management Console access".
  9. The attribute will autofill with "SAML:aud". Leave it as is.
  10. The value will autofill with "https://signin.aws.amazon.com/saml". Leave it as is.
  11. Skip "Add Condition".
  12. Click on "Next: Permissions" button and click "Next Step".
    The next step shows you the JSON policy document you just created. There is no need to alter it, so click on "Next Step".
  13. In the "Attach Policy" step, search for and select the existing policies you wish to assign to the new role. You can select AWS-managed policies or custom policies that you created. You will be able to change the policies attached to the role later, so don't worry too much about getting this exactly right. You will also be able to add custom inline policies to the role later. For this example, we selected the "SecurityAudit" AWS-managed policy. Click on "Next Step: Review" when you are finished selecting policies. If you don't know exactly which policy to assign, you can skip this step and not assign any.
  14. Enter a name for the new role. The name must begin with the prefix "shib-" and contain no other hyphens, e.g. "shib-example". Enter a Role Description.
  15. Review the remaining fields. In the next step you have a chance to confirm the configuration. Click on "Create Role".
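The wizard above produces a role whose trust policy lets the "cornell_idp" SAML provider call AssumeRoleWithSAML only when the assertion audience is the AWS sign-in endpoint. The following added example (not part of the original page) builds that trust policy and checks an existing role's name and trust policy against the rules given in the steps; the account ID is a placeholder and the SAML provider ARN follows the standard IAM format.

```python
"""Build and audit the SAML trust policy that the console wizard creates."""

SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"   # autofilled value from step 10
SAML_PROVIDER_NAME = "cornell_idp"                     # provider chosen in step 7
ACCOUNT_ID = "123456789012"                            # placeholder account ID


def provider_arn(account_id: str, provider_name: str = SAML_PROVIDER_NAME) -> str:
    return f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"


def build_trust_policy(account_id: str) -> dict:
    """Trust policy equivalent to the one shown at the "Next Step" review page:
    only the configured SAML provider may assume the role, and only for
    assertions addressed to the AWS sign-in endpoint (console + programmatic)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn(account_id)},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
        }],
    }


def valid_role_name(name: str) -> bool:
    """Step 4/14 rule: prefix 'shib-' and no further hyphens."""
    prefix = "shib-"
    return name.startswith(prefix) and "-" not in name[len(prefix):]


def trust_policy_findings(policy: dict, account_id: str) -> list:
    """Return a list of problems with the role's SAML trust statements."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRoleWithSAML" not in actions and "sts:*" not in actions:
            continue
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated") if isinstance(principal, dict) else principal
        if federated != provider_arn(account_id):
            findings.append(f"unexpected federated principal: {federated!r}")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != SAML_AUDIENCE:
            findings.append(f"SAML:aud condition missing or wrong: {aud!r}")
    return findings
```

Running `trust_policy_findings` over the trust policies of all `shib-` roles flags any role whose federated principal or audience condition drifted from what the wizard configured.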


Set up an AD Group for the New Role

...