
Feature Proposal: Support for Direct Federation #14

Open
nhawkins04 opened this issue Nov 8, 2018 · 1 comment

Comments

nhawkins04 commented Nov 8, 2018

This toolset works great to create roles for a hub-and-spoke method with a central identity account! It would be nice to also have support for roles where each account has direct federation. Right now if I try to do this, I get an error if a parent_account is not specified.

It would be nice if we could declare the configuration like this and it would have the role in each account have a trust relationship to a SAML provider configured in the same account:

```yaml
accounts:
  account1:
    id: 000000000000
    saml_provider: OktaIDP
  account2:
    id: 000000000000
    saml_provider: OktaIDP
roles:
  ReadOnly:
    trusts:
      - OktaIDP
    managed_policies:
      - arn:aws:iam::aws:policy/ReadOnlyAccess
    in_accounts:
      - all
```

I am basing this on some of the new ways we can integrate Okta without the central identity account design: https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Amazon-Web-Service#scenarioB
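The following is an added example, not code from aws-iam-generator or from the issue author, showing what the proposed configuration would have to produce: for each account a role is placed in, a trust policy whose principal is the SAML provider configured in that same account (arn:aws:iam::ACCOUNT_ID:saml-provider/NAME), with `sts:AssumeRoleWithSAML` and the standard `SAML:aud` condition. It goes one step beyond the issue by also accepting a trust that names another configured account, which yields the hub-and-spoke `sts:AssumeRole` trust the tool already supports, and by rejecting a trust that is neither. The config is embedded as a Python dict mirroring the YAML above so it runs without a YAML library; the function names and the dict layout are this example's own assumptions.

```python
import json
import re

# Configuration mirroring the YAML proposed in the issue, embedded as a dict so
# the example runs offline. Account ids are the placeholder values from the issue.
CONFIG = {
    "accounts": {
        "account1": {"id": "000000000000", "saml_provider": "OktaIDP"},
        "account2": {"id": "000000000000", "saml_provider": "OktaIDP"},
    },
    "roles": {
        "ReadOnly": {
            "trusts": ["OktaIDP"],
            "managed_policies": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
            "in_accounts": ["all"],
        }
    },
}

# Audience AWS expects in a SAML assertion used for console/CLI federation.
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def resolve_accounts(config, in_accounts):
    """Expand a role's in_accounts list; 'all' means every configured account."""
    names = list(config["accounts"]) if "all" in in_accounts else list(in_accounts)
    unknown = [n for n in names if n not in config["accounts"]]
    if unknown:
        raise ValueError(f"unknown account(s) in in_accounts: {unknown}")
    return names


def trust_statement(config, account_name, trust):
    """Build one trust-policy statement for `trust` as seen from `account_name`.

    Direct federation: `trust` names the SAML provider configured in this same
    account, so the principal is that account's own saml-provider ARN.
    Hub-and-spoke: `trust` names another configured account, so the principal is
    that account's root and the action is plain sts:AssumeRole.
    Anything else is a configuration error and is rejected explicitly.
    """
    account = config["accounts"][account_name]
    if not ACCOUNT_ID_RE.match(account["id"]):
        raise ValueError(f"{account_name}: account id must be exactly 12 digits")
    if trust == account.get("saml_provider"):
        return {
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account['id']}:saml-provider/{trust}"},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
        }
    if trust in config["accounts"]:
        hub_id = config["accounts"][trust]["id"]
        return {
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{hub_id}:root"},
            "Action": "sts:AssumeRole",
        }
    raise ValueError(
        f"{account_name}: trust '{trust}' is neither this account's saml_provider "
        "nor a configured account"
    )


def trust_policy(config, account_name, role_name):
    """Full trust policy document for `role_name` when placed in `account_name`."""
    role = config["roles"][role_name]
    return {
        "Version": "2012-10-17",
        "Statement": [trust_statement(config, account_name, t) for t in role["trusts"]],
    }


def render_roles(config):
    """Return {(account_name, role_name): {trust_policy, managed_policies}} for every placement."""
    out = {}
    for role_name, role in config["roles"].items():
        for account_name in resolve_accounts(config, role["in_accounts"]):
            out[(account_name, role_name)] = {
                "trust_policy": trust_policy(config, account_name, role_name),
                "managed_policies": list(role["managed_policies"]),
            }
    return out


if __name__ == "__main__":
    for (acct, role), spec in render_roles(CONFIG).items():
        print(f"# {acct}/{role}")
        print(json.dumps(spec["trust_policy"], indent=2))
```

Because the SAML provider ARN is derived from the account the role lives in, no `parent_account` is needed for the direct-federation case, and the `SAML:aud` condition keeps an assertion issued for some other service principal from being accepted by the role.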

nhawkins04 changed the title from "Support for Direct Federation" to "Feature Proposal: Support for Direct Federation" on Nov 9, 2018
nhawkins04 pushed a commit to nhawkins04/aws-iam-generator that referenced this issue Nov 10, 2018
nhawkins04 pushed a commit to nhawkins04/aws-iam-generator that referenced this issue Nov 19, 2018
nhawkins04 (Author) commented
I have issued PR #15 that incorporates some changes to support this feature. This is working for my immediate needs but figured others might benefit from this functionality. I am very new to Python and I welcome feedback!

nhawkins04 pushed a commit to nhawkins04/aws-iam-generator that referenced this issue Nov 26, 2018