# AWS

#### AWS Configuration

* Open a root session on <https://signin.aws.amazon.com>

* Click on Services and under the Security, Identity & Compliance tab, click on IAM

* Click on Identity Providers and then click on Create a provider

  * In Provider type choose SAML

  * Enter the provider name and upload the metadata

  * Finalize the creation by clicking on Next step and End

* Go on the Roles tab and click on Create role

  * Select SAML 2.0 federation

  * Choose the SAML provider, check Allow programmatic and AWS Management Console access

  * On the fourth step, choose the role name and click on Create

#### Trustelem Configuration

* Go back to the Settings for AWS in Trustelem and paste the AWS account ID into Subscription ID

* On the same page write the identity provider name

#### Role Configuration

* The script below assigns roles to users. To assign roles, edit the script in the app settings so that it returns the names of the roles the user should get

```ts
// Return the names of the AWS roles this user may assume.
// The role names must match the roles created in IAM above.
function getRoles(user: User, groups: Groups): string[] {
    return ["Role1", "Role2"];
}
```

#### Information

* Two attributes are returned to AWS in the SAML assertion:

  ```
  https://aws.amazon.com/SAML/Attributes/Role with value "ARN role,ARN provider" (one comma-separated pair per role)
  ```

  ```
  https://aws.amazon.com/SAML/Attributes/RoleSessionName with value user.email
  ```
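
The following is an added example, not Trustelem's own code: it shows a `getRoles` script that derives AWS role names from group membership, together with a helper that builds the `Role` attribute value (role ARN, provider ARN) and validates the `RoleSessionName`. The `User` and `Groups` shapes, the group-to-role mapping, the account ID `123456789012` and the provider name `Trustelem` are all assumptions constructed for this example; the real script environment supplies its own types.

```typescript
// Assumed shapes for the objects Trustelem passes to the script (example only).
type User = { email: string; login: string };
type Groups = string[]; // assumed: names of the groups the user belongs to

// Constructed sample values, not real identifiers.
const AWS_ACCOUNT_ID = "123456789012";
const SAML_PROVIDER_NAME = "Trustelem";

// Assumed group -> IAM role name mapping. Role names must exist in IAM.
const GROUP_TO_ROLES: Record<string, string[]> = {
  "aws-admins": ["AdministratorAccess"],
  "aws-developers": ["Developer"],
  "aws-auditors": ["ReadOnly"],
};

// Return the IAM role names the user may assume, deduplicated and sorted.
// A user with no mapped group gets an empty list, so AWS rejects the login
// instead of the script silently granting a default role.
function getRoles(user: User, groups: Groups): string[] {
  const roles: string[] = [];
  for (const g of groups) {
    const mapped = GROUP_TO_ROLES[g] || [];
    for (const r of mapped) {
      if (roles.indexOf(r) === -1) roles.push(r);
    }
  }
  return roles.slice().sort();
}

// Build one "roleArn,providerArn" value for the
// https://aws.amazon.com/SAML/Attributes/Role attribute.
// Commas are rejected in the role name because the value itself is comma-separated.
function roleAttributeValue(
  roleName: string,
  accountId: string = AWS_ACCOUNT_ID,
  provider: string = SAML_PROVIDER_NAME
): string {
  if (!/^\d{12}$/.test(accountId)) throw new Error("AWS account ID must be 12 digits");
  if (!/^[\w+=.@-]+$/.test(roleName)) throw new Error("invalid IAM role name: " + roleName);
  if (!/^[\w+=.@-]+$/.test(provider)) throw new Error("invalid SAML provider name: " + provider);
  return (
    "arn:aws:iam::" + accountId + ":role/" + roleName +
    ",arn:aws:iam::" + accountId + ":saml-provider/" + provider
  );
}

// One Role attribute value per role the user is entitled to.
function roleAttributeValues(user: User, groups: Groups): string[] {
  return getRoles(user, groups).map(function (r) { return roleAttributeValue(r); });
}

// RoleSessionName: AWS accepts 2 to 64 characters from [\w+=,.@-].
// The e-mail address is used, as in the Trustelem configuration above.
function roleSessionName(user: User): string {
  const name = user.email;
  if (!/^[\w+=,.@-]{2,64}$/.test(name)) throw new Error("invalid RoleSessionName: " + name);
  return name;
}

// Stand-alone run with a constructed user.
const sampleUser: User = { email: "alice@example.com", login: "alice" };
console.log(roleAttributeValues(sampleUser, ["aws-developers", "aws-auditors", "unknown-group"]));
console.log(roleSessionName(sampleUser));
```

The mapping is deliberately explicit rather than derived from group names, so that a renamed or newly created group cannot grant an AWS role without an edit to the script.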