I need to add custom permissions and roles to IS. The use case is available here: http://venurakahawala.blogspot.in/search/label/custom%20permissions . How do I implement this scenario?
Thanks in advance
To achieve this in WSO2 IS 5.0.0:
Create a service provider which represents your application:
https://docs.wso2.com/display/IS500/Adding+a+Service+Provider
Define custom permissions for the service provider:
https://docs.wso2.com/display/IS500/Configuring+Roles+and+Permissions+for+a+Service+Provider
You can create new roles and assign permissions to each role:
https://docs.wso2.com/display/IS500/Configuring+Roles
Is there a way to grant admin access to a third party in AWS without manually creating IAM role etc, purely via OAuth flow or similar?
Context: I am making an app that simplifies AWS account management, and want to make the UX for "connect to my account" as simple as possible. I failed to find anything like that in the AWS docs. I want the app to be able to provision and manage resources, run Terraform, etc.
Check this out: Identity Providers and Federation. You will still have to create pre-defined IAM roles to define what permissions users will assume.
Yes, it's doable. You do need to create IAM roles; if you want to give your users access to everything, just create an admin role with permissions of '*:*' on all resources.
Then you should set up some type of SAML server; Active Directory Federation Services comes with everything out of the box. You can also look for some open source SAML servers.
Then you have to set up SAML federation between your user account and your SAML backend.
I understand that users and roles in WSO2 IS are used for managing the Carbon console. How can I use roles and permissions in my web app, for example, define roles and permissions and apply policies using XACML?
You can follow this documentation to set up role-based authorization for your application.
For permission-based authorization, you can assign those permissions to the role and achieve it that way.
We are trying to add a structure for SSO using WSO2. In WSO2 we need to create general roles and connect these roles with a service provider (please note the service provider doesn't have custom roles, so the connection will be at the service provider level with WSO2 general roles). In WSO2 we found a way to map SP roles to WSO2 roles, but that does not help us. The structure is in the image below:
I believe you are saying that your SP application does not persist or maintain the roles; rather, you want the WSO2 server to do so.
And you want to control authorization based on the availability of these roles for a user.
In that case, the WSO2 server has no value in, nor need to know of, the permissions you've assigned to these roles. You just define all the roles you want in the WSO2 server. Then (given that you use OAuth), by using scopes (mapped against one or multiple roles) to define access levels, you can issue access tokens to the users with the relevant scopes (defining access levels) after checking the roles assigned to them.
On the resource server, it can validate the scopes of the provided access token against the Identity Server and grant or deny resource availability.
Cheers
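The two halves of the answer above, as an added example that is not code from the original thread or from WSO2: the role-to-scope mapping applied when the token is issued, and the scope check a resource server performs on the introspection response it gets back for a presented token. Role names, scope names, the client id and the introspection payload are all constructed; the payload follows the RFC 7662 shape (`active`, space-separated `scope`).

```python
import json

# Constructed: roles defined in the Identity Server, each mapped to the
# OAuth2 scopes that role is allowed to obtain.
ROLE_SCOPES = {
    "Internal/viewer": {"orders:read"},
    "Internal/editor": {"orders:read", "orders:write"},
    "Internal/admin":  {"orders:read", "orders:write", "orders:delete"},
}


def scopes_for_roles(user_roles, requested):
    """Scopes to put in the access token at issuance: the union of the
    scopes of the user's roles, narrowed to what the client requested.
    Roles unknown to the mapping contribute nothing."""
    granted = set()
    for role in user_roles:
        granted |= ROLE_SCOPES.get(role, set())
    return sorted(granted & set(requested))


def authorize(introspection_json, required_scopes):
    """Resource-server decision from an RFC 7662 introspection response:
    deny unless the token is active and carries every required scope."""
    info = json.loads(introspection_json)
    if not info.get("active", False):
        return False
    token_scopes = set(info.get("scope", "").split())
    return set(required_scopes) <= token_scopes


# Constructed introspection response for an editor's token.
SAMPLE_RESPONSE = json.dumps({
    "active": True,
    "scope": "orders:read orders:write",
    "client_id": "example-sp",
    "username": "alice",
})

if __name__ == "__main__":
    print(scopes_for_roles(["Internal/editor"], ["orders:read", "orders:delete"]))
    print(authorize(SAMPLE_RESPONSE, ["orders:read"]))
    print(authorize(SAMPLE_RESPONSE, ["orders:delete"]))
```

The scope set a client may request is still bounded by the user's roles, so a client asking for `orders:delete` on behalf of an editor gets a token without it, and the resource server's check fails closed when the scope is missing or the token is inactive.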
Would anyone know how to disable a user's access to create and delete proxies in WSO2 EI?
Thank you.
You can create a particular role which only has permission to access the proxy (not manage permissions) and assign that role to all the users who just need to access the proxy. You can refer to the Admin Guide on how to create roles and assign permissions.
https://docs.wso2.com/display/ADMIN44x/Configuring+Roles
The following screenshot exemplifies what I just did:
I have an LDAP secondary store at APIM (1.10.0).
When I create one application, two roles are created like this:
- Application/<user>_<Name application>_PRODUCTION
- Application/<user>_<Name application>_SANDBOX
I'd like to create them in LDAP automatically. How can I do this?
By design this role is created under Application, which is an internal domain. One of the benefits of creating it under Application is that this role can be assigned to a user of any domain (primary/secondary), whereas if the role were created under a specific domain, the role would not be available to users of other domains.
Regards, Shavantha