IAM

AWS SSO Connect to External SAML Identity Provider

1. Create an external identity provider in AWS: IAM / Access management / Identity providers, and create an identity provider of type SAML.
2. Set up an external identity provider in AWS SSO: AWS SSO / Settings.
3. Configure SAML SSO in your own identity provider.
4. Create an AWS IAM role: Access Management / SAML 2.0 Federation, and set the provider you created above as the SAML provider. Select "Allow programmatic and AWS Management Console access". On the Attach Permission Policies page, select the appropriate policies to attach to the role.

Aws IAM Policy

AWS uses a standard JSON Identity and Access Management (IAM) policy document format across many services to control authorization to resources and API actions.

Terraform: https://www.terraform.io/docs/providers/aws/r/iam_role_policy.html

resource "aws_iam_role_policy" "s3_policy" {
  name   = "s3_policy"
  role   = "${aws_iam_role.lambda_s3_role.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListObjectsInBucket",
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::bucket-name"]
    },
    {
      "Sid": "AllObjectActions",
      "Effect": "Allow",
      "Action": "s3:*Object",
      "Resource": ["arn:aws:s3:::bucket-name/*"]
    }
  ]
}
EOF
}

resource "aws_iam_role" "lambda_s3_role" {
  name               = "lambda_s3_role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.
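The s3_policy document above can be checked mechanically before it is applied. This is an added example, not code from these notes, Terraform or AWS: it embeds that document together with a constructed admin-style policy and flags Allow statements that use wildcard actions, resource "*", or NotAction/NotResource, so it goes slightly beyond the page's own policy to cover those extra cases.

```python
import json

# The s3_policy document from the Terraform resource above, embedded so the check runs offline.
S3_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ListObjectsInBucket", "Effect": "Allow",
     "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::bucket-name"]},
    {"Sid": "AllObjectActions", "Effect": "Allow",
     "Action": "s3:*Object", "Resource": ["arn:aws:s3:::bucket-name/*"]}
  ]
}
"""
# Constructed over-broad policy (not from the page) so the remaining checks are exercised too.
ADMIN_POLICY = '{"Version": "2012-10-17", "Statement": {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"}}'


def _as_list(value):
    """IAM accepts a string or a list for Statement/Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(doc_text):
    """Return (Sid, finding) pairs for Allow statements that grant more than intended."""
    doc = json.loads(doc_text)
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append(("-", "Version is not 2012-10-17; policy variables are not supported"))
    for stmt in _as_list(doc.get("Statement")):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, "action %r grants every API of the named service(s)" % action))
            elif "*" in action or "?" in action:  # partial wildcard such as s3:*Object
                findings.append((sid, "action %r is a wildcard; enumerate the APIs it matches" % action))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((sid, "resource '*' applies to every resource in the account"))
        for key in ("NotAction", "NotResource"):  # these allow everything except the listed items
            if key in stmt:
                findings.append((sid, "%s allows everything except the listed items" % key))
    return findings
```

Run lint_policy on the policy JSON (for example the contents of a file passed to --policy-document) and review each finding; for the page's policy the only hit is the partial wildcard s3:*Object, which matches s3:DeleteObject as well as Get/Put.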

Aws Iam Notes

REMOVE ROLE

Delete the role's inline policies before deleting the role:

aws iam list-roles
aws iam list-role-policies --role-name api-executor
aws iam delete-role-policy --role-name api-executor --policy-name "log-writer"
aws iam delete-role --role-name pizza-api-executor

ADD ROLE POLICY

aws iam put-role-policy \
  --role-name pizza-api-executor \
  --policy-name PizzaApiDynamoDB \
  --policy-document file://./roles/dynamodb.json

You need to provide the path to dynamodb.json with the file:// prefix. If you are providing an absolute path, keep in mind that you will have three slashes after file:.