Is there a way to tag the roles that are created by the IAM Identity Center?

0

Is there a way to tag the roles that are created by the IAM Identity Center? If not, any ideas on how to implement ABAC? Currently we are using the principal tag, and we can't use tagging, as the IAM roles created by the Identity Center won't have any tags associated with them.

Ak252
Asked 7 months ago, 362 views
1 answer
0

Are you using an external identity provider or the built-in one? Typically the "attributes" are passed by the identity provider. See https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_abac-saml.html. It'd be something similar if you are using an OIDC IdP.

Check this out to configure the attributes on Identity Center.

There are two ways to use attributes for ABAC:

  1. You can configure your IdP to send the attributes through SAML assertions.
  2. You can configure which attributes you use from the Attributes for access control page in the IAM Identity Center console.

If you use an external identity provider (IdP) as an identity source and choose to send attributes through the SAML assertions, you configure your IdP to pass the attributes. You cannot view attributes configured and sent by an external IdP from the Attributes for access control page in the IAM Identity Center console. When you use the ABAC tutorial for SAML, you must perform additional steps to create the role, configure the SAML IdP, and enable AWS Management Console access, see Step 3: Create roles.

If you are using a SAML-based IdP and would like to use session tags for ABAC, this tutorial will guide you through using SAML session tags for ABAC.

I also recommend reading this documentation as there are certain things about session tags that you should be aware of if you plan on using them.

Let me know if you have any other questions.

AWS
Answered 7 months ago
Expert
Reviewed 7 months ago
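The answer above says the attributes become the principal's tags rather than tags on the AWSReservedSSO_* role itself. The following added example (not code from the question, the answer, or AWS) shows what that looks like end to end: a constructed "Attributes for access control" mapping, a constructed permission set inline policy that keys on `aws:PrincipalTag/department`, and a small local model of how a session tag satisfies a `StringEquals` condition. The `${path:enterprise.department}` source, the `department` key and the Secrets Manager policy are all assumptions chosen for illustration; nothing here calls AWS.

```python
"""Local model of ABAC with IAM Identity Center session tags (added example).

Assumptions (constructed for illustration, not taken from the page):
  - Identity Center maps the IdP attribute enterprise.department to the
    access-control attribute key "department".
  - The permission set carries the inline policy below.
The evaluator is deliberately simplified: it handles only Allow statements,
the StringEquals operator and ${aws:PrincipalTag/...} variables.
"""
import re

# Identity Center "Attributes for access control" mapping (constructed).
# At sign-in the mapped attribute becomes a session tag on the role session,
# visible to policies as aws:PrincipalTag/department, so the role needs no tag.
ACCESS_CONTROL_ATTRIBUTES = [
    {"Key": "department", "Value": {"Source": ["${path:enterprise.department}"]}},
]

# Permission set inline policy (constructed): the caller may read a secret
# only when the secret's "department" tag equals the caller's session tag.
PERMISSION_SET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DepartmentScopedSecrets",
            "Effect": "Allow",
            "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/department": "${aws:PrincipalTag/department}"
                }
            },
        }
    ],
}

_VAR = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")


def session_tags_from_attributes(idp_attributes):
    """Model the Identity Center mapping: every configured key becomes a session
    tag whose value is read from the ${path:...} location in the IdP attributes."""
    tags = {}
    for attr in ACCESS_CONTROL_ATTRIBUTES:
        path = attr["Value"]["Source"][0][len("${path:"):-1]  # e.g. enterprise.department
        value = idp_attributes
        for part in path.split("."):
            value = value.get(part) if isinstance(value, dict) else None
        if value is not None:
            tags[attr["Key"]] = value
    return tags


def _resolve(expected, principal_tags):
    """Substitute ${aws:PrincipalTag/key}; an unset key makes the condition unsatisfiable."""
    try:
        return _VAR.sub(lambda m: principal_tags[m.group(1)], expected)
    except KeyError:
        return None


def _context_value(key, principal_tags, resource_tags):
    if key.startswith("aws:PrincipalTag/"):
        return principal_tags.get(key.split("/", 1)[1])
    if key.startswith("aws:ResourceTag/"):
        return resource_tags.get(key.split("/", 1)[1])
    return None


def _condition_matches(condition, principal_tags, resource_tags):
    for operator, clauses in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, expected in clauses.items():
            actual = _context_value(key, principal_tags, resource_tags)
            resolved = _resolve(expected, principal_tags)
            if actual is None or resolved is None or actual != resolved:
                return False
    return True


def is_allowed(policy, action, principal_tags, resource_tags):
    """True if some Allow statement covers the action and its condition holds
    for the given session (principal) tags and resource tags."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if stmt.get("Effect") != "Allow" or action not in actions:
            continue
        if _condition_matches(stmt.get("Condition", {}), principal_tags, resource_tags):
            return True
    return False


if __name__ == "__main__":
    user = {"enterprise": {"department": "finance"}}  # constructed IdP attributes
    tags = session_tags_from_attributes(user)
    action = "secretsmanager:GetSecretValue"
    print("session tags:", tags)
    print("finance secret:", is_allowed(PERMISSION_SET_POLICY, action, tags, {"department": "finance"}))
    print("hr secret:     ", is_allowed(PERMISSION_SET_POLICY, action, tags, {"department": "hr"}))
    print("no session tag:", is_allowed(PERMISSION_SET_POLICY, action, {}, {"department": "finance"}))
```

The third case is the one the question runs into: with no mapped attribute the session carries no `department` tag, `${aws:PrincipalTag/department}` cannot be resolved, and the condition fails closed, which is why the attribute mapping (or SAML session tags) is required rather than tags on the role itself.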
