L1 ConstructAWS::IAM::SAMLProvider

CfnSAMLProvider

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0. The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS . When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP. > This operation requires [Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) . For more information, see [Enabling SAML 2.0 federated users to access the AWS Management Console](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) and [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide* .

Import

import { CfnSAMLProvider } from 'aws-cdk-lib/aws-iam';

Or use the module namespace:

import * as iam from 'aws-cdk-lib/aws-iam';
// iam.CfnSAMLProvider

Properties

Configuration passed to the constructor as CfnSAMLProviderProps.

addPrivateKeyOptional

string

Specifies the new private key from your external identity provider. The private key must be a .pem file that uses AES-GCM or AES-CBC encryption algorithm to decrypt SAML assertions.

assertionEncryptionModeOptional

string

Specifies the encryption setting for the SAML provider.

nameOptional

string

The name of the provider to create. This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

privateKeyListOptional

IResolvable | IResolvable | SAMLPrivateKeyProperty[]

The private key metadata for the SAML provider.

removePrivateKeyOptional

string

The Key ID of the private key to remove.

samlMetadataDocumentOptional

string

An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP. For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*

tagsOptional

CfnTag[]

A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* . > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

CloudFormation Resource

This L1 construct maps directly to the following CloudFormation resource type.

AWS::IAM::SAMLProviderView in CloudFormation Explorer

Get the AWS IAM Cheat Sheet

Everything you need to know about AWS IAM on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

LevelL1 (CloudFormation)

Moduleaws-iam

CFN TypeAWS::IAM::SAMLProvider

Properties7

Related Constructs

Explore This Service

External Links

CDK API Documentation