Proof of concept for using `AssumeRoleWithWebIdentity` in AWS using GOV.UK One Login as an identity provider.

- Set up a Relying Party (RP) in GOV.UK One Login, using `private_key_jwt` and `IdTokenSigningAlgorithm` set to `RS256` (AWS does not support `ES256` at this time).
- Create `config.json` from `config.json.template`, filling out all variables apart from `aws_role_to_assume` (this is generated by the Terraform)
- Run Terraform against an AWS account of your choice
- Add the output role ARN to `config.json`
- Install JS dependencies with `npm install`
- Run the app locally with `node -e 'require("./app").run()'`
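
The `RS256` requirement in the first step can be checked locally before the ID token is handed to STS. The following is an added example, not code from this repository: `buildAssumeRoleParams`, `sampleToken`, the `clientId` option and the sample claim values are hypothetical, and the role ARN in any call is a placeholder for the value stored in `aws_role_to_assume`. It only decodes the token; signature verification is left to STS.

```javascript
// Added example: pre-flight checks on an OIDC ID token before it is passed to
// AssumeRoleWithWebIdentity. Decodes only; it does not verify the signature.

function decodePart(part) {
  // JWT segments are base64url without padding
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns the AssumeRoleWithWebIdentity parameters, or throws with a clear
// message when the token has the wrong algorithm, audience or expiry.
function buildAssumeRoleParams(idToken, { roleArn, clientId, now = Date.now() }) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  const header = decodePart(parts[0]);
  const claims = decodePart(parts[1]);

  if (header.alg !== "RS256") {
    throw new Error(`ID token signed with ${header.alg}; set IdTokenSigningAlgorithm to RS256`);
  }
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error("aud does not match this RP's client ID");
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) {
    throw new Error("ID token expired");
  }
  if (typeof claims.sub !== "string" || claims.sub === "") throw new Error("missing sub");

  // RoleSessionName accepts only [\w+=,.@-] and 2-64 characters, so a subject
  // containing ':' or '/' has to be mapped before it is used as the session name.
  const sessionName = claims.sub.replace(/[^\w+=,.@-]/g, "-").slice(-64).padStart(2, "-");

  return { RoleArn: roleArn, RoleSessionName: sessionName, WebIdentityToken: idToken };
}

// Builds a constructed, unsigned sample token for exercising the checks above.
function sampleToken(alg, claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg, typ: "JWT" })}.${enc(claims)}.c2lnbmF0dXJl`;
}
```

The returned object has the shape of the STS `AssumeRoleWithWebIdentity` request parameters, so it can be passed to whichever AWS SDK client the app uses.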