Middleware app for selecting an AWS role from a SAML assertion.
Okta AWS Role Selector is an app for extracting AWS roles from a SAML assertion similar to the AWS SAML console: https://signin.aws.amazon.com/saml.
Okta AWS Role Selector is used to coordinate role selection for an app that authenticates users with an AWS SAML assertion (set up with Okta). Such an app might pass the SAML assertion to STS AssumeRoleWithSAML to obtain temporary AWS credentials for internal use.
Because a SAML assertion can contain multiple AWS roles that the user is allowed to assume, you can use this app as middleware that lets the user pick one through a browser-based workflow.
For setting up an app to provide the SAML assertion, see Okta AWS authentication.
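The role extraction described above, as an added example (not the project's own code): it pulls the `https://aws.amazon.com/SAML/Attributes/Role` values out of a base64-encoded SAMLResponse, splits each into the role and provider ARN pair that AssumeRoleWithSAML needs, and checks that the role a user picked in the browser is actually one the assertion grants. The sample response is constructed and unsigned; the code assumes signature verification has already happened upstream.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample: a minimal, unsigned SAML Response carrying two AWS roles
# in the attribute format the AWS SAML console expects ("<role>,<provider>").
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml:AttributeValue>arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/Okta</saml:AttributeValue>
      <saml:AttributeValue>arn:aws:iam::210987654321:saml-provider/Okta,arn:aws:iam::210987654321:role/Admin</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/RoleSessionName">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_SAML_RESPONSE = base64.b64encode(SAMPLE_XML.encode()).decode()


def extract_aws_roles(saml_response_b64):
    """Return [(role_arn, principal_arn), ...] from a base64 SAMLResponse.
    Assumes the XML signature was already verified upstream (not done here)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    pairs = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iterfind("saml:AttributeValue", SAML_NS):
            parts = [p.strip() for p in (value.text or "").split(",")]
            # AWS allows the role and provider ARNs in either order
            role = next((p for p in parts if ":role/" in p), None)
            principal = next((p for p in parts if ":saml-provider/" in p), None)
            if len(parts) != 2 or role is None or principal is None:
                raise ValueError("malformed Role attribute value: %r" % value.text)
            pairs.append((role, principal))
    return pairs


def select_role(pairs, chosen_role_arn):
    """Server-side check for the browser workflow: only a role that is present
    in the assertion may be forwarded to STS AssumeRoleWithSAML."""
    for role, principal in pairs:
        if role == chosen_role_arn:
            return role, principal
    raise PermissionError("role %s is not granted by this assertion" % chosen_role_arn)
```

In a real deployment, parse with a hardened XML library such as defusedxml and verify the response signature before calling `extract_aws_roles`; never accept a role ARN posted by the browser without checking it against the assertion as `select_role` does.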
- Edit `config.yaml` and provide an Okta app's metadata. Without this the app won't start.
- Update `config.yaml` and enter the rest of the AWS accounts info, registering apps per account.
- Use `make run` to run the example server.
The latest Docker image is pushed to `nayyarasamuel7/okta-aws-role-selector`. To run a container with your config:
- Mount the directory containing your config onto `/root/config`.
- When running the container, pass `-c config/<NAME_OF_YOUR_CONFIG_FILE>` to `docker run`. Skip this step if the file is named `config.yaml`.

```
docker run -p 80:80 -v $HOME:/root/config nayyarasamuel7/okta-aws-role-selector:latest -c config/my_config.yaml
```