How to Configure Google SAML for AWS Account

Krishna Modi
May 16 · 6 min read

Prerequisites

Before you begin this guide you’ll need the following:

  • Google Suite Admin access with Super Admin privileges

Step 1 — Setup SAML App in Google Admin

Let us start creating the SAML app. Log in to the Google Admin console.

[Screenshots: Google Admin Users page; Google User Custom Attributes; AWS logo]

Step 2 — Create SAML Identity Provider in AWS

Navigate to AWS IAM and click on Identity Providers.

[Screenshot: Configure IAM Identity Provider for SAML]

Step 3 — Configure Role for SAML Users

Now that the identity provider is configured, it is time to create some roles and assign them to our new SAML users.

[Screenshot: Create IAM Role for SAML User]
  • saml_developer
  • saml_qa
  • saml_billing

Step 4 — Assign IAM Roles to Google Users

Once we have created the identity provider and the roles, we need to assign them to Google users so that they can access AWS using SAML login.

[Screenshot: Assign Role to SAML User]
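Steps 2 to 4 above come down to three things that must agree with each other: the SAML provider created in IAM, a trust policy on each role that allows `sts:AssumeRoleWithSAML` only through that provider, and the `role-arn,provider-arn` value that Google sends for each user. The following Python is an added example, not code from the post; the account id `123456789012` and the provider name `GoogleSAML` are placeholders, and the role names are the three from Step 3. It generates the trust policy and the Google attribute value for each role, and checks a value before it is pasted into Google Admin, since a swapped or mismatched ARN pair fails silently at login time.

```python
import json
import re

# Placeholders (not from the post): replace with your own account id and the
# name you gave the SAML provider in IAM.
ACCOUNT_ID = "123456789012"
PROVIDER_NAME = "GoogleSAML"
# Audience AWS expects in the SAML assertion for console sign-in.
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"

# Roles from Step 3 of the post.
ROLE_NAMES = ["saml_developer", "saml_qa", "saml_billing"]


def provider_arn(account_id, provider_name):
    return f"arn:aws:iam::{account_id}:saml-provider/{provider_name}"


def role_arn(account_id, role_name):
    return f"arn:aws:iam::{account_id}:role/{role_name}"


def saml_trust_policy(account_id, provider_name):
    """Trust policy for a role that may only be assumed via AssumeRoleWithSAML
    through the named provider, and only for the console sign-in audience."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn(account_id, provider_name)},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}},
        }],
    }


def google_role_attribute(account_id, role_name, provider_name):
    """Value to put in the user's custom 'role' attribute in Google Admin:
    the role ARN first, then the provider ARN, comma separated."""
    return f"{role_arn(account_id, role_name)},{provider_arn(account_id, provider_name)}"


# Commas are excluded from the name class because the attribute itself is
# comma separated; a role name containing a comma cannot be used here.
_ARN = re.compile(r"^arn:aws:iam::(\d{12}):(role|saml-provider)/([\w+=.@-]+)$")


def validate_role_attribute(value):
    """Return (ok, reason). Catches the usual mistakes before the value is
    saved in Google Admin: missing half, wrong order, or ARNs from two accounts."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 2:
        return False, "expected exactly two comma-separated ARNs"
    m_role, m_prov = _ARN.match(parts[0]), _ARN.match(parts[1])
    if not m_role or m_role.group(2) != "role":
        return False, "first ARN must be an IAM role ARN"
    if not m_prov or m_prov.group(2) != "saml-provider":
        return False, "second ARN must be an IAM SAML provider ARN"
    if m_role.group(1) != m_prov.group(1):
        return False, "role and provider must belong to the same account"
    return True, "ok"


if __name__ == "__main__":
    print(json.dumps(saml_trust_policy(ACCOUNT_ID, PROVIDER_NAME), indent=2))
    for name in ROLE_NAMES:
        attr = google_role_attribute(ACCOUNT_ID, name, PROVIDER_NAME)
        print(name, "->", attr, validate_role_attribute(attr))
```

The `SAML:aud` condition is what keeps the role from being assumed with an assertion issued for some other service principal; without it, any assertion the provider signs would be accepted. Keep the ordering check in mind when copying values between environments: AWS reads the first ARN as the role and the second as the provider, and reversing them produces a generic access-denied page rather than a useful error.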

Additional Steps

To access your AWS account, go to Gmail, click the Apps icon in the top-right corner, scroll to the bottom to find the AWS icon, and click it; it should redirect you to the AWS console. It can take about 10 minutes for a role assigned to a user in Google Admin to take effect.

[Screenshot: Access Your SAML Apps from Gmail]

Conclusion

We configured Google SAML to access an AWS account for a user and assigned an AWS IAM role to that user. Any user who is not assigned a role for AWS in Google Admin will not be able to log in to AWS using SAML. This makes your AWS account available across your organisation, but only to the users you explicitly authorise.
