Idea: Log in to AWS with Azure AD Credentials
- Azure >> Enterprise App << Configure Azure AD SSO
- Deploy the Amazon Web Services Developer app
- Single Sign-On >> SAML
- Save in the popup
- Identifier: https://signin.aws.amazon.com/saml
- Reply URL: https://signin.aws.amazon.com/saml
- Save
- SAML Signing Certificate
- Download "Federation Metadata XML"
- Add the AD users to the application's Users and Groups
- AWS >> IAM >> Identity provider
- Create
- SAML
- Name: AZADAWS
- Upload the Metadata XML
- Verify, then Create
- AWS >> IAM >> Role << This role will appear in the Azure application
- SAML 2.0 federation
- Choose: the identity provider created earlier
- Allow programmatic and AWS Management Console access
- Choose required permissions
- Create the role with Appropriate name
- AWS >> IAM >> Policies << This policy allows Azure AD to fetch the roles from the AWS account
- Choose JSON and paste the following policy document:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [ "iam:ListRoles" ],
          "Resource": "*"
        }
      ]
    }
- Name: AzureAD_SSOUserRole_Policy
- Create the Policy
- AWS >> IAM >> USER
- Name : AzureADRoleManager
- Choose Programmatic access
- Permission: Attach existing policies
- Choose : AzureAD_SSOUserRole_Policy
- Create User
- Copy Access and Secret key
- Azure Enterprise App >> Choose Amazon Web Services App which was deployed
- Provisioning
- Set it to Automatic
- Enter the AWS access key and secret key
- Test and Save
- Make the "Provisioning Status" to ON
- Wait for a sync to complete
- Once the sync completes, go to Users and Groups
- Choose the user, click Edit
- Choose the AWS Role
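The role created at the SAML 2.0 federation step trusts the AZADAWS identity provider, and its trust policy should only allow that provider, with the signin.aws.amazon.com audience, to assume it. Added example (not from the original notes): the expected trust policy as a Python dict, plus a check that flags a trust policy whose federated principal or SAML:aud condition is missing or wrong; the account ID is a placeholder.

```python
import json

# Placeholder account ID and the provider name used in the notes above.
PROVIDER_ARN = "arn:aws:iam::123456789012:saml-provider/AZADAWS"
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

# Expected shape of the role trust policy for SAML 2.0 federation with
# console and programmatic access (constructed for this example).
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
    }],
}


def check_saml_trust_policy(policy, expected_provider_arn, expected_audience=SAML_AUDIENCE):
    """Return findings for every Allow statement granting AssumeRoleWithSAML.

    An empty list means each such statement names only the expected provider
    ARN as its federated principal and carries the expected SAML:aud condition.
    """
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRoleWithSAML", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        # A bare "*" principal or any provider other than ours is a finding.
        federated = principal if principal == "*" else principal.get("Federated", "")
        federated = [federated] if isinstance(federated, str) else federated
        for f in federated:
            if f != expected_provider_arn:
                findings.append(f"statement {i}: federated principal {f!r} is not {expected_provider_arn!r}")
        aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud != expected_audience:
            findings.append(f"statement {i}: missing or wrong SAML:aud condition ({aud!r})")
    return findings


if __name__ == "__main__":
    print(json.dumps(TRUST_POLICY, indent=2))
    print("findings:", check_saml_trust_policy(TRUST_POLICY, PROVIDER_ARN))
```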