Hey there! I'm trying to figure out the easiest method to obtain an OpenID Connect (OIDC) ID token using AWS session credentials. As I understand it, AWS STS doesn't provide a specific endpoint for obtaining an ID token that includes the role name in the 'sub' field. My goal here is to establish a trust relationship in an external system based on the 'sub' in that ID token. Any suggestions? Thanks!
1 Answer
You might want to look into using AWS Cognito for this! It's capable of handling OIDC tokens. Check out AWS's documentation on user pools and managed login for more details on how to set it up.
Got it! But how exactly can I swap my IAM Role session credentials for a Cognito ID token? Are there any specific setups I need to do for each role ARN in Cognito?