Perform the following steps (in AWS) to create a new IAM role and associate it with the Britive Identity Provider:

Log in to the AWS console with administrator privileges.
Open the IAM console.
Select IAM > Access Management > Roles.
Click Create role.
1. Select SAML 2.0 federation.
2. In the SAML provider, select the Britive identity provider (added as explained in the section Configuring an Identity Provider in AWS ). In this step, you are associating the Britive identity provider with the IAM role.
3. Select Allow Programmatic access and AWS Management Console access.
4. Next, the Attribute and Value fields should be populated with the following values:
  - Attribute : SAML:aud.
  - Value: https://signin.aws.amazon.com/saml
5. Under Sign-in endpoints, select the following values:
  1. Select Non-Regional endpoint as Sign-in endpoint type.
  2. Select Without unique identifiers as Sign-in URLs to include unique identifiers.
6. Click Next: Permissions.
7. From the Filter Policies, search for the required policy.
8. Select the policy.
9. Click Next: Tags. This is an optional step where you can add tags to the IAM role. The tags can be used to manage or track access to the role.
10. Click Next: Review. The Review page is displayed.
11. Enter the following values on the Review page:
  1. In Role name, enter an appropriate text as the name of the IAM role (64 characters limit) that can include alphanumeric characters and special characters such as @ or *.
  2. Enter a Role description (optional).
  3. Click Create Role. The new IAM role is created in AWS.
12. Select the newly created IAM role from the role list. A Summary page is displayed.

Documentation Index