Snippet demonstrating how to set up AWS federation for an OIDC provider that checks "custom claims" as session tags
With this, you can define an AWS Trust Relationship for a role where you specify a custom claim.
Normally, AWS OIDC federation only allows you to set/use a very limited set of fields like aud: and sub:.
What this allows for is very limited custom claim validation. I'm saying very limited because you apparently have to use the precise claim name AWS looks for.
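The following is an added example, not code from the original snippet: it builds a token payload that carries a custom value under the claim name AWS STS reads session tags from (`https://aws.amazon.com/tags`, with `principal_tags`) and a role trust policy that pins that value through `aws:RequestTag/<key>`. The account ID, issuer, client ID and the `team` tag are placeholders, and `preflight` is a hypothetical local approximation of the `StringEquals` check, not AWS's own evaluator.

```python
import json

# Claim name AWS STS reads session tags from in an OIDC token.
AWS_TAGS_CLAIM = "https://aws.amazon.com/tags"

def build_claims(issuer, sub, aud, tags):
    """Token payload carrying custom values as AWS session tags."""
    # Each tag value is a one-element list of strings.
    tag_claim = {"principal_tags": {k: [v] for k, v in tags.items()}}
    return {"iss": issuer, "sub": sub, "aud": aud, AWS_TAGS_CLAIM: tag_claim}

def build_trust_policy(account_id, issuer, aud, required_tags):
    """Role trust policy that pins aud and the required session tags."""
    host = issuer.split("://", 1)[-1]
    cond = {f"{host}:aud": aud}
    cond.update({f"aws:RequestTag/{k}": v for k, v in required_tags.items()})
    return {"Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{host}"},
            # sts:TagSession must be allowed for a token that carries tags.
            "Action": ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
            "Condition": {"StringEquals": cond},
        }],
    }

def preflight(policy, claims):
    """Local approximation of the StringEquals check, to test tokens before use."""
    stmt = policy["Statement"][0]
    host = stmt["Principal"]["Federated"].split("oidc-provider/", 1)[1]
    tags = claims.get(AWS_TAGS_CLAIM, {}).get("principal_tags", {})
    for key, want in stmt["Condition"]["StringEquals"].items():
        if key.startswith("aws:RequestTag/"):
            got = (tags.get(key.split("/", 1)[1]) or [None])[0]
        else:
            got = claims.get(key[len(host) + 1:])  # e.g. "<host>:aud" -> "aud"
        if got != want:
            return False
    return True

# Constructed sample values (placeholders, not from the original page).
ISSUER = "https://issuer.example.com"
POLICY = build_trust_policy("123456789012", ISSUER, "my-client-id", {"team": "payments"})

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
```

A token that carries the same value as a top-level claim (for example `"team": "payments"` outside the tags claim) fails the check, because the condition only sees values placed under the AWS tags claim.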