IAM OIDC attaching existing role

0

I am creating OIDC for GitHub, but after creating OIDC, attaching an existing IAM role does not work, only creating new IAM roles. Once you click on "add existing role" it takes you to the role page and that's it.


Owais
asked 2 months ago, 124 views
3 answers
1

That's expected behavior. When you want to configure an existing role to be assumable by the OIDC federation provider, you just need to allow it in the role's trust policy. So, when you click the button "Use an existing role" you get redirected to the IAM Role web page. Then you search for the role you want to allow and edit its trust policy. Your new trust policy will look something like this:

{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": "us-east-2:12345678-abcd-abcd-abcd-123456"},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "unauthenticated"}
        }
    }
}

You will have to adapt the AUD value to match the OIDC provider you created in IAM. All the details are described here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html

Hope this helps.

Best.

AWS
answered 2 months ago
EXPERT
verified 2 months ago
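As an added example (not code from the original post or from AWS), the helper below does programmatically what the answer describes: it merges an AssumeRoleWithWebIdentity statement for an IAM OIDC provider into an existing role's trust policy without dropping the statements already there, and it flags federated statements that restrict only the `aud` claim and not `sub`, which would let any token the provider issues for that audience assume the role. The account id, provider ARN and repository name are constructed placeholders; the `token.actions.githubusercontent.com` condition-key prefix is the one GitHub Actions tokens carry.

```python
from copy import deepcopy

# Constructed values (not from the original post): an OIDC provider ARN for
# GitHub Actions and a role trust policy that currently trusts only EC2.
PROVIDER_ARN = "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"
EXISTING_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": {  # a single statement object, as in the answer above
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    },
}

def _as_list(statements):
    """IAM accepts 'Statement' as one object or a list; normalise to a list."""
    return [statements] if isinstance(statements, dict) else list(statements)

def add_oidc_trust(policy, provider_arn, audience, subject_pattern):
    """Copy of `policy` that also lets `provider_arn` assume the role via
    AssumeRoleWithWebIdentity. The issuer host after 'oidc-provider/' is the
    condition-key prefix; existing statements are kept, duplicates avoided."""
    issuer = provider_arn.split(":oidc-provider/", 1)[1]
    statement = {
        "Effect": "Allow",
        "Principal": {"Federated": provider_arn},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {f"{issuer}:aud": audience},
            "StringLike": {f"{issuer}:sub": subject_pattern},
        },
    }
    updated = deepcopy(policy)
    statements = _as_list(updated.get("Statement", []))
    if statement not in statements:
        statements.append(statement)
    updated["Statement"] = statements
    return updated

def unrestricted_federated(policy):
    """Federated principals allowed without a ':sub' condition: any token the
    provider issues for that audience could assume the role."""
    found = []
    for s in _as_list(policy["Statement"]):
        principal = s.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        keys = [k for block in s.get("Condition", {}).values() for k in block]
        if federated and s.get("Effect") == "Allow" and not any(k.endswith(":sub") for k in keys):
            found.append(federated)
    return found
```

To apply the result, pass `json.dumps(new_policy)` as the `PolicyDocument` of the IAM `UpdateAssumeRolePolicy` call (in boto3, `iam.update_assume_role_policy(RoleName=..., PolicyDocument=...)`); no change is made in the OIDC provider's own page.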
  • Yes, I get redirected to the IAM role selection page there, but how do I select a role? There is only an option to create a role, not to assign it to the OIDC I created. The trust policy is fine and I tested it by creating a new role. But I want to use an existing role, which doesn't seem to be possible.

0

Hi Owais,

It seems like there might be a bug or a permissions issue. You could try clearing your browser cache, using a different browser, or checking the role's trust relationship settings.

answered 2 months ago
  • Could be a bug, as I have tried different browsers and the trust relation also works (tested by creating a new role).

0
  • In the post you are creating a new role; I am facing the issue with using an existing one.
