How can I supply federated users with an aws access key id/secret?


We're using Auth0 to give (federated) users access to Auth0 (we've followed these instructions for setup: https://auth0.com/docs/integrations/aws#sso-with-the-aws-dashboard)

In Auth0 we've set up a simple rule system where the federated user's group membership maps to one of two different IAM roles, which gives the user either full access or read-only access (or no access at all) in the aws console.

However, I'm struggling to see how I can provide federated users with the means to get an access key id/secret linked to their account. Our wishlist is:

  1. The access key id/secret is unique per federated user, and as such is void if the federated user is deleted from the identity provider.
  2. I could manually provision an IAM role per federated user and link each user to his/her "personal" IAM role, but I'd obviously prefer not to.

All in all I guess I'd like there to be a "linked" IAM user representing each federated account.

So I guess my question is: How do I allow my federated users access to personal access key ids in aws?

2

There are 2 answers

0
RobinGower On

Federated users require temporary access keys which you can grant with aws sts assume-role.

0
Kiruthika kanagarajan On

You can create your AWS access key, secret key & token for federated users using AssumeRoleWithSAML (CLI) / AssumeRoleWithSAML (SDK).

AWS CLI example that will provide you credentials for a federated user:

aws sts assume-role-with-saml --role-arn arn:aws:iam::AccountNumber:role/ADFS-AWS-ADMIN --principal-arn arn:aws:iam::AccountNumber:saml-provider/idp001 --saml-assertion <base64-encoded-saml-assertion>
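The same AssumeRoleWithSAML exchange as a script, added here as an example that is not part of either answer: it reads the role/provider ARN pairs the IdP put in the SAML assertion, refuses a role the assertion does not grant, and exchanges the assertion for temporary keys (the call needs no pre-existing AWS keys, the signed assertion is the credential). The account id, role names and the `DemoSts` stub are constructed placeholders; in real use pass `boto3.client("sts")` and the assertion captured from the Auth0 SAML response.

```python
import base64
import xml.etree.ElementTree as ET

ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"  # attribute listing role/provider ARN pairs
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real Auth0 response); 123456789012 is a placeholder account.
SAMPLE_ASSERTION = base64.b64encode(b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement><saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
  <saml:AttributeValue>arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/Auth0</saml:AttributeValue>
  <saml:AttributeValue>arn:aws:iam::123456789012:saml-provider/Auth0,arn:aws:iam::123456789012:role/Admin</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>""").decode()

def parse_saml_roles(assertion_b64):
    """Map role ARN -> SAML provider ARN from the Role attribute (AWS accepts either order)."""
    root = ET.fromstring(base64.b64decode(assertion_b64))
    roles = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.findall("saml:AttributeValue", SAML_NS):
            parts = [p.strip() for p in (value.text or "").split(",")]
            role, provider = sorted(parts, key=lambda p: ":role/" not in p)  # normalise order
            if ":role/" not in role or ":saml-provider/" not in provider:
                raise ValueError("malformed Role attribute value: %r" % value.text)
            roles[role] = provider
    return roles

def federated_credentials(sts, assertion_b64, role_arn, duration=3600):
    """Exchange the assertion for temporary keys; `sts` is boto3.client("sts") in real use."""
    roles = parse_saml_roles(assertion_b64)
    if role_arn not in roles:  # refuse a role the IdP did not grant this user
        raise PermissionError("assertion does not grant %s" % role_arn)
    c = sts.assume_role_with_saml(RoleArn=role_arn, PrincipalArn=roles[role_arn],
                                  SAMLAssertion=assertion_b64, DurationSeconds=duration)["Credentials"]
    return {"aws_access_key_id": c["AccessKeyId"], "aws_secret_access_key": c["SecretAccessKey"],
            "aws_session_token": c["SessionToken"], "expiration": str(c["Expiration"])}

class DemoSts:  # offline stand-in for boto3.client("sts") so the example runs without AWS access
    def assume_role_with_saml(self, **kw):
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "secret-example",
                                "SessionToken": "token-example", "Expiration": "2000-01-01T01:00:00Z"}}

if __name__ == "__main__":
    creds = federated_credentials(DemoSts(), SAMPLE_ASSERTION, "arn:aws:iam::123456789012:role/ReadOnly")
    print("\n".join("%s = %s" % kv for kv in creds.items()))  # the session token must travel with the keys
```

The keys are per user because each assertion names that user, and they stop being renewable the moment the IdP account is deleted, which is what the question's wishlist asks for.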