AWS

AWS Configuration

- Open a root session on https://signin.aws.amazon.com
- Click on Services and, under the Security, Identity & Compliance tab, click on IAM
- Click on Identity Providers, then click on Create a provider
- In Provider type, choose SAML
- Enter the provider name and upload the metadata
- Finalize the creation by clicking on Next step and End
- Go to the Roles tab and click on Create role
- Select SAML 2.0 federation
- Choose the SAML provider and check Allow programmatic and AWS Management Console access
- On the fourth step, choose the role name and click on create

Trustelem Configuration

- Go back to Settings for AWS on Trustelem and copy the AWS account ID into Subscription ID
- On the same page, enter the identity provider name

Role Configuration

The code below assigns roles to users. To assign roles, edit the script in the app settings so that it returns the desired roles:

```typescript
// Returns the names of the AWS roles assigned to the user.
function getRoles(user: User, groups: Groups): string[] {
  return ["Role1", "Role2"];
}
```

Information

AWS returns two attributes:

- https://aws.amazon.com/SAML/Attributes/Role with value ARN role, ARN Provider
- https://aws.amazon.com/SAML/Attributes/RoleSessionName with value user.email
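The following is an added example, not Trustelem's or AWS's code: it shows how the Subscription ID, the identity provider name and the names returned by getRoles combine into the two attribute values listed above, and checks each input against the limits AWS places on it. The function name `buildAwsAttributes`, the sample account ID, provider name and e-mail are assumptions, as are the standard `aws` partition and roles created without a path.

```typescript
// Added example, not Trustelem code. Account ID, provider name and e-mail are constructed samples.
const ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role";
const SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName";

// Character and length limits AWS places on each value.
const ACCOUNT_ID = /^\d{12}$/;
const ROLE_NAME = /^[\w+=,.@-]{1,64}$/;
const PROVIDER_NAME = /^[\w.-]{1,128}$/;
const SESSION_NAME = /^[\w+=,.@-]{2,64}$/;

interface AwsSamlAttributes {
  [attribute: string]: string[];
}

function buildAwsAttributes(
  accountId: string,    // "Subscription ID" in the Trustelem settings
  providerName: string, // identity provider name created in IAM
  roleNames: string[],  // what getRoles() returned for this user
  email: string         // user.email
): AwsSamlAttributes {
  if (!ACCOUNT_ID.test(accountId)) throw new Error("account ID must be 12 digits");
  if (!PROVIDER_NAME.test(providerName)) throw new Error("invalid provider name");
  if (!SESSION_NAME.test(email)) throw new Error("email cannot be used as RoleSessionName");
  // Assumes the standard "aws" partition.
  const providerArn = `arn:aws:iam::${accountId}:saml-provider/${providerName}`;
  // Drop duplicate role names, then refuse to continue if nothing is left.
  const unique = roleNames.filter((name, i) => roleNames.indexOf(name) === i);
  if (unique.length === 0) throw new Error("no role assigned to this user");
  const roleValues = unique.map((name) => {
    // A name containing "/" or ":" would alter the ARN, so it is rejected.
    if (!ROLE_NAME.test(name)) throw new Error(`invalid role name: ${name}`);
    // Each value is the pair "ARN role,ARN provider".
    return `arn:aws:iam::${accountId}:role/${name},${providerArn}`;
  });
  const attributes: AwsSamlAttributes = {};
  attributes[ROLE_ATTR] = roleValues;
  attributes[SESSION_ATTR] = [email];
  return attributes;
}

console.log(buildAwsAttributes("123456789012", "Trustelem", ["Role1", "Role2"], "alice@example.com"));
```

Each role name returned by getRoles must match a role that was created with the SAML provider as its trusted entity, otherwise AWS rejects the sign-in for that role.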