Help needed with setting up AWS IAM Role using SAML.to in GitHub Actions

[PanchoDaskalov]

Hello,

I've been hitting following error:

Forbidden: Unable to find a role named arn:aws:iam::account-id:role/tf-infra-saml, it has likely not been defined in the saml-to.yml"

Things I've already tried:

• Downloaded My Metadata from SAML.to for the GitHub org
• Created a new SAML Identity Provider in AWS IAM
• Created the Trust Relationship on the new IAM Role following template described in https://github.com/saml-to/assume-aws-role-action
• Add a new file named saml-to.yml into the repository following the template described in https://github.com/saml-to/assume-aws-role-action

Here is how my saml-to.yml looks like:

---

version: "20220101"
variables:
awsProviderArn: "PROVIDER_ARN"
awsRoleArn: "ROLE_ARN"
providers:
aws:
entityId: https://signin.aws.amazon.com/saml
acsUrl: https://signin.aws.amazon.com/saml
attributes:
https://aws.amazon.com/SAML/Attributes/RoleSessionName: "<#= repo.name #>"
https://aws.amazon.com/SAML/Attributes/SessionDuration: "3600"
https://aws.amazon.com/SAML/Attributes/Role: "<#= repo.selectedRole #>,<$= awsProviderArn $>"
permissions:
aws:
roles:
- name: <$= awsRoleArn $>
self: true

And this is how my Github Action gets invoked:

• uses: saml-to/assume-aws-role-action@v1
  with:
  role: role_arn
  region: eu-west-1
  env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  - run: aws sts get-caller-identity`

---

Any help is more than appreciated as I've been stuck on this for quite a while and apparently I am missing out on something!