Create roles on AWS for Azure AD users to assume
In this step we create two IAM roles, one granting S3 access and one granting EC2 access, to match the two users we created in Azure AD, aws-1 and aws-2. Both roles trust the AzureAD SAML identity provider created earlier, so they can only be assumed through a SAML assertion from that provider (sts:AssumeRoleWithSAML), not by any IAM user or access key. Note that AmazonS3FullAccess and AmazonEC2FullAccess are broad AWS managed policies used here for simplicity; in production, scope the permissions down to what each user actually needs.
Create AmazonS3FullAccess
- Open the AWS IAM console and select Roles in the left menu
- Select Create role
- In Trusted entity type, select SAML federation
- Under SAML 2.0 federation, in SAML 2.0-based provider, select the AzureAD identity provider we created earlier
- Select Allow programmatic and AWS Management Console access
- Then select Next
- In Add permissions, find AmazonS3FullAccess
- Select AmazonS3FullAccess, continue to select Next
- In Name, review, and create:
- In the Role details section, under Role name, enter S3RoleFull
- In the Description section, enter AmazonS3FullAccess
- Double check and select Create role
- Select View role to view the details of the newly created role
- Role creation results: note the role ARN, which is needed when mapping the Azure AD user to this role
Create AmazonEC2FullAccess
- Open the AWS IAM console and select Roles in the left menu
- Select Create role
- In Trusted entity type, select SAML federation
- Under SAML 2.0 federation, in SAML 2.0-based provider, select the AzureAD identity provider we created earlier
- Select Allow programmatic and AWS Management Console access
- Then select Next
- In Add permissions, find AmazonEC2FullAccess
- Select AmazonEC2FullAccess, continue to select Next
- In Name, review, and create:
- In the Role details section, under Role name, enter EC2RoleFull
- In the Description section, enter AmazonEC2FullAccess
- Double check and select Create role
- Select View role to view the details of the newly created role
- Role creation results: note the role ARN, which is needed when mapping the Azure AD user to this role
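The same two roles can be created with the AWS CLI instead of clicking through the console. The script below is an added example, not part of the original guide; the account ID 123456789012 is a placeholder, and the provider name AzureAD is assumed to match the identity provider created earlier. The trust policy it writes is the one the console generates for "SAML 2.0 federation" with "Allow programmatic and AWS Management Console access": the Federated principal is the SAML provider ARN and the SAML:aud condition pins the audience to the AWS sign-in endpoint, so an assertion issued for some other service provider cannot be replayed to assume the role.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): create the SAML-federated roles
# S3RoleFull and EC2RoleFull with the AWS CLI.
# Assumptions: ACCOUNT_ID is a placeholder you replace; SAML_PROVIDER must be
# the name of the IdP created earlier in this guide.
set -eu

ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"
SAML_PROVIDER="${SAML_PROVIDER:-AzureAD}"

# Trust policy for a SAML-federated role. Only assertions signed by this
# provider and addressed to the AWS sign-in endpoint may call AssumeRoleWithSAML.
trust_policy() {
  account="$1"
  provider="$2"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Federated": "arn:aws:iam::${account}:saml-provider/${provider}" },
      "Action": "sts:AssumeRoleWithSAML",
      "Condition": { "StringEquals": { "SAML:aud": "https://signin.aws.amazon.com/saml" } }
    }
  ]
}
EOF
}

# Value Azure AD must send in the Role claim for a user: "<role ARN>,<provider ARN>".
# Both ARNs must point at the same account, or AWS rejects the assertion.
role_claim_value() {
  account="$1"
  provider="$2"
  role="$3"
  printf 'arn:aws:iam::%s:role/%s,arn:aws:iam::%s:saml-provider/%s\n' \
    "$account" "$role" "$account" "$provider"
}

# Create one role trusting the SAML provider and attach one managed policy.
create_saml_role() {
  role="$1"
  description="$2"
  policy_arn="$3"
  aws iam create-role \
    --role-name "$role" \
    --description "$description" \
    --assume-role-policy-document "$(trust_policy "$ACCOUNT_ID" "$SAML_PROVIDER")"
  aws iam attach-role-policy --role-name "$role" --policy-arn "$policy_arn"
  echo "Role claim value to configure in Azure AD for $role:"
  role_claim_value "$ACCOUNT_ID" "$SAML_PROVIDER" "$role"
}

# Only call AWS when run as "./script.sh apply"; without the argument the
# functions can be sourced and inspected offline.
if [ "${1:-}" = "apply" ]; then
  create_saml_role S3RoleFull  AmazonS3FullAccess  arn:aws:iam::aws:policy/AmazonS3FullAccess
  create_saml_role EC2RoleFull AmazonEC2FullAccess arn:aws:iam::aws:policy/AmazonEC2FullAccess
fi
```

After running with `apply`, `aws iam get-role --role-name S3RoleFull` should show the trust policy above under AssumeRolePolicyDocument, and the printed claim value is what the Azure AD enterprise application must emit for the matching user so that AWS can pair the role with the provider it trusts.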