In order to use AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to issue the claims required by ECS.
An IAM role must be created that specifies this SAML provider in its trust policy.
AssumeRoleWithSAML returns a set of temporary security credentials for users who have been authenticated through a SAML authentication response.
This operation provides a mechanism for tying an enterprise identity store or directory to role-based access without user-specific credentials or configuration.
Calling AssumeRoleWithSAML does not require the use of ECS security credentials. The identity of the caller is validated by the claims that are provided in the SAML assertions by the identity provider.
Temporary credentials consist of an access key ID, a secret access key, and a security token.
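The following sketch is an added example, not ECS or vendor code. It builds an unsigned AssumeRoleWithSAML request body and extracts the three credential parts from a response. It assumes ECS accepts the same form parameters (`RoleArn`, `PrincipalArn`, `SAMLAssertion`) and returns the same response element names as the AWS STS action of the same name; the ARNs, assertion and response shown are constructed placeholders.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

CRED_FIELDS = ("AccessKeyId", "SecretAccessKey", "SessionToken")

# Constructed sample data (placeholders, not real values or ECS output).
SAMPLE_SAML = b"<samlp:Response>constructed-assertion</samlp:Response>"
SAMPLE_RESPONSE = """<AssumeRoleWithSAMLResponse>
  <AssumeRoleWithSAMLResult>
    <Credentials>
      <AccessKeyId>EXAMPLE-ACCESS-KEY-ID</AccessKeyId>
      <SecretAccessKey>EXAMPLE-SECRET-KEY</SecretAccessKey>
      <SessionToken>EXAMPLE-SESSION-TOKEN</SessionToken>
    </Credentials>
  </AssumeRoleWithSAMLResult>
</AssumeRoleWithSAMLResponse>"""


def build_request_body(role_arn, principal_arn, saml_response_xml):
    """Form-encode the call. No access key or signature is added:
    the IdP-issued assertion is what identifies the caller."""
    params = {
        "Action": "AssumeRoleWithSAML",
        "RoleArn": role_arn,            # role whose trust policy names the IdP
        "PrincipalArn": principal_arn,  # the SAML provider entry
        "SAMLAssertion": base64.b64encode(saml_response_xml).decode("ascii"),
    }
    return urllib.parse.urlencode(params)


def parse_credentials(response_xml):
    """Return the access key ID, secret access key and security token,
    refusing a response in which any of the three is absent or empty."""
    found = {}
    for el in ET.fromstring(response_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # ignore an XML namespace if present
        if tag in CRED_FIELDS:
            found[tag] = (el.text or "").strip()
    missing = [f for f in CRED_FIELDS if not found.get(f)]
    if missing:
        raise ValueError("incomplete credentials, missing: " + ", ".join(missing))
    return found


if __name__ == "__main__":
    body = build_request_body("ROLE-ARN-PLACEHOLDER", "PROVIDER-ARN-PLACEHOLDER", SAMPLE_SAML)
    print(sorted(urllib.parse.parse_qs(body)))  # parameter names only
    print(parse_credentials(SAMPLE_RESPONSE)["AccessKeyId"])  # never log the secret or token
```

Because the request carries no ECS credentials, the assertion itself acts as a bearer credential and should be handled with the same care as the returned secret access key and security token.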
The following condition keys are supported in the AssumeRolePolicyDocument.