Skip to content

Configure AWS IAM Role Federated

AWS Identity and Access Management (IAM) supports identity federation for delegated access to the AWS Management Console or AWS APIs. With identity federation, external identities are granted secure access to resources in your AWS accounts through IAM roles.

These external identities can come from your corporate identity provider (such as Microsoft Active Directory or from the AWS Directory Service) or from a web identity provider (such as Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible provider).

We currently only support SAML 2.0 federation.


  • Refer to this guide to provision your own federated roles.
  • Refer to this guide to configure and trust your SAML 2.0 Identity Provider.

Supported SAML Identity Providers

Identity Provider AWS Azure
OKTA ✅ ❌


Field Description
SESSION ALIAS Your friendly session name in Leapp. Give it a meaningful name so it will be easier to find inside Leapp.
NAMED PROFILE Your friendly session name in the AWS credential file. You will be able to reference it from the AWS CLI with --name.
REGION Your default region of choice. Select the one which you use the most for this Session.
SAML 2.0 URL Your SAML URL interface to start the authentication flow and log into your Identity provider.
AWS IDENTIY PROVIDER ARN Your Identity Provider ID in AWS. You can find it in IAM section Identity Providers.
ROLE ARN Your IAM Role unique ID. The active Session will refer to this Role.

Video tutorial

Back to top