If your application uses CILogon for authentication, then you can implement role-based access to AWS resources using CILogon identities.
Note that the instructions below use an inactive AWS Role for illustrative purposes.
- Register your CILogon client at https://cilogon.org/oauth2/register. Enter a Refresh Token Lifetime (e.g., 43200 seconds) to enable refresh tokens.
- Wait for help@cilogon.org to notify you that your client is approved.
- Ask help@cilogon.org to update your client_id to conform to AWS naming requirements; the AWS console rejects a non-conforming value with:
  - "Audience can contain only alphanumeric characters and period (.), underscore (_), hyphen (-), and slash (/). Audience cannot be longer than 255 characters. Maximum 255 characters. Use alphanumeric and '._-/' characters."
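An added example (not from CILogon or AWS) that checks a client_id against the audience rule quoted above before you ask help@cilogon.org for a change; it assumes CILogon's default client IDs have the form `cilogon:/client_id/<hex>`, whose colon AWS rejects, and the hex value used below is constructed.

```python
import re

# AWS audience rule as quoted in the step above: alphanumerics, '.', '_',
# '-' and '/' only, 1 to 255 characters.
AWS_AUDIENCE_CHARS = re.compile(r"[A-Za-z0-9._/-]")
AWS_AUDIENCE_RE = re.compile(r"^[A-Za-z0-9._/-]{1,255}$")
AWS_AUDIENCE_MAX_LEN = 255


def is_valid_aws_audience(client_id: str) -> bool:
    """True if client_id can be used verbatim as the audience of an AWS OIDC provider."""
    return AWS_AUDIENCE_RE.fullmatch(client_id) is not None


def audience_problems(client_id: str) -> list[str]:
    """Return human-readable reasons why client_id violates the AWS audience rule.

    An empty list means the value conforms. The messages are meant to be
    pasted into the request sent to help@cilogon.org.
    """
    problems = []
    if not client_id:
        return ["empty audience"]
    if len(client_id) > AWS_AUDIENCE_MAX_LEN:
        problems.append(
            f"too long: {len(client_id)} > {AWS_AUDIENCE_MAX_LEN} characters"
        )
    # Collect every distinct character that is outside the allowed set.
    bad = sorted({c for c in client_id if not AWS_AUDIENCE_CHARS.fullmatch(c)})
    if bad:
        problems.append("disallowed characters: " + ", ".join(repr(c) for c in bad))
    return problems


if __name__ == "__main__":
    # Constructed sample in CILogon's default client_id shape; the colon fails.
    for cid in ("cilogon:/client_id/0123456789abcdef", "cilogon/client_id/0123456789abcdef"):
        print(cid, "->", audience_problems(cid) or "ok")
```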