In order to gain more control over their access to AWS resources, Okta administrators often need to create numerous AWS roles. This allows them to manage which users have access to sensitive and/or expensive AWS resources. The challenge this creates is the screen below, where, throughout the day, users need to switch between various roles to get their work done. Another challenge Okta administrators face is the need to modify existing policies to cover new resources. With AWS Session Tags, you can take a new approach around attribute-based access. As resources come and go in your AWS environment, you can set a policy that grants access based on attributes. AWS Session Tags set the appropriate context for what can be accessed, ensuring that the user always has access to the correct resources. In this post, we’ll provide some details on how you can use Okta’s Dynamic SAML Attributes with AWS.