This is a quick demo for streamlining the process of creating AWS IAM Identity Center users. It is meant to be handed to internal users as part of an onboarding process.
To reproduce the demo, you will need the following:
- NodeJS (18+)
- An AWS account
- A delegated administrator account inside IAM Identity Center
- Base setup of user/group permissions under the delegated administrator for access through the AWS SDK. This video should be a good tutorial. The end goal is obtaining credentials that the `aws-sdk` can retrieve.
- Two groups inside IAM Identity Center, named "Admins" and "Developers" (the names don't matter)
If you only want to run it locally, that is all that is required, but the repository also contains a `Dockerfile` if needed (not required).
For the environment variables, create or retrieve the following:
- `GROUP_ADMINISTRATORS_ID`: the group ID for "Admins"
- `GROUP_DEVELOPERS_ID`: the group ID for "Developers"
- `IDENTITY_STORE_ID`: the identity store ID of your IAM Identity Center instance, which can usually be found under the access portal or in the start URL, prefixed with `d-`
- `JWT_STATUS_ID`: a random string
- `JWT_SIGNING_SECRET`: a random string
- `SVELTE_USERNAME`: a random string
- `SVELTE_PASSWORD`: a random string
If you would like to skip the authentication process for the demo, just comment out or remove the `hooks.server.ts` file before running/building.
After cloning and completing the setup above, run the following:

```sh
npm install
npm run dev
```
By default, you are not allowed to authenticate yourself through traditional means. You are intended to give the EC2 instance a resource policy. Create an IAM (NOT IAM Identity Center) role, attach it to the provisioned EC2 instance, and give it the following policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
```
You can also just choose the `AdministratorAccess` managed policy instead. Note: if you know what you're doing, feel free to grant only the permissions the demo actually requires.
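As an added example (not part of the demo repository), here is a narrower policy for the EC2 role that grants only what a flow that creates identity-store users and adds them to the two groups would need. The action set is an assumption based on what the demo does, and `123456789012` and `d-EXAMPLE` are placeholders for your account ID and identity store ID; adjust them to the SDK calls your build actually makes.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ProvisionIdentityCenterUsers",
      "Effect": "Allow",
      "Action": [
        "identitystore:CreateUser",
        "identitystore:CreateGroupMembership",
        "identitystore:DescribeGroup",
        "identitystore:ListUsers"
      ],
      "Resource": [
        "arn:aws:identitystore::123456789012:identitystore/d-EXAMPLE",
        "arn:aws:identitystore:::user/*",
        "arn:aws:identitystore:::group/*",
        "arn:aws:identitystore:::membership/*"
      ]
    }
  ]
}
```

Scoping the identity store ARN to your own `d-` ID keeps the instance role from touching any other identity store in the account, which `"Resource": "*"` above would allow.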