Newb - Rule If/Then Question

auth.hero · October 8, 2019, 8:42pm

I got SAML2 working to AWS IAM with Auth0 as my IDP, with a single role. Now, I am trying to implement rules to assign different AWS roles based on user app metadata. I have it working but I am wondering if this is the most efficient route. Thoughts?

function (user, context, callback) {
	console.log('[before] user.app_metadata: ' + user.app_metadata.aws_role);
  
  user.app_metadata = user.app_metadata || {};

  if (user.app_metadata.aws_role === "AWS-FullAdmin") {
    user.awsRole = 'arn:aws:iam:::role/Auth0-FullAdmin,arn:aws:iam::111:saml-provider/Auth0_SAML_Provider';
  }
if (user.app_metadata.aws_role === "AWS-ReadOnlyAccounts") {
    user.awsRole = 'arn:aws:iam::111:role/Auth0-ReadOnlyAccounts,arn:aws:iam::111:saml-provider/Auth0_SAML_Provider';
  	console.log('awsrole1 is : ' + user.awsRole);
  }
  
  user.awsRoleSession = user.name;
  context.samlConfiguration.mappings = {
    'https://aws.amazon.com/SAML/Attributes/Role': 'awsRole',
    'https://aws.amazon.com/SAML/Attributes/RoleSessionName': 'awsRoleSession'
  };

  callback(null, user, context);

}

I’m just trying something simple, which is: if user has app metadata aws_role value of AWS-FullAdmin, then pass the Admin specific AWS attribute. If aws_role is ReadOnly, pass the read only attribute.

thomas.osborn · November 3, 2019, 5:23am

Hello auth.hero, and great name!

That seems efficient to me. Was there any part you were particular concerned might be inefficient? In general, the only efficiency concerns in rules are that you avoid calling the management API too much (which you are not doing), making them too large (but your rule is very small), or making sure they end as early as possible / run quickly (which this should do).

konrad.sopala · January 8, 2024, 8:55am

Hey there!

As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!