Hi,
I'm working with AWS SSO based on Jumpcloud external Idp.
I'd like to find a way to put the tag SSMSessionRunAs tag to the AWSReservedSSO role created by SSO into AWS accounts.
If I try to put the tag directly I receive:
"Cannot perform the operation on the protected role 'AWSReservedSSO_xxxxx' - this role is only modifiable by AWS"
Someone know a way to do that ? Or maybe a "plan B" or a way to add the tag SSMSessionRunAs ?
Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.
0
Assume you want to use this for SSM and not only for tagging - this post describes the process with Okta but it should be quite similar with JumpCloud. You can provide the attribute as part of the assertion and then leverage it in the Permission Set.