diff --git a/web/packages/teleport/src/Integrations/Enroll/AwsOidc/AwsOidc.tsx b/web/packages/teleport/src/Integrations/Enroll/AwsOidc/AwsOidc.tsx
index a1c4a62b18512..88993d48efcac 100644
--- a/web/packages/teleport/src/Integrations/Enroll/AwsOidc/AwsOidc.tsx
+++ b/web/packages/teleport/src/Integrations/Enroll/AwsOidc/AwsOidc.tsx
@@ -37,6 +37,7 @@ import { AwsOidcPolicyPreset } from 'teleport/services/integrations';
import { FinishDialog } from './FinishDialog';
import { useAwsOidcIntegration } from './useAwsOidcIntegration';
+import { ConfigureAwsOidcSummary } from './ConfigureAwsOidcSummary';
export function AwsOidc() {
const {
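Review bot: The new import on the `./ConfigureAwsOidcSummary` line is appended after `./useAwsOidcIntegration`, breaking the alphabetical order the surrounding sibling imports (`./FinishDialog`, `./useAwsOidcIntegration`) appear to follow. Moving `import { ConfigureAwsOidcSummary } from './ConfigureAwsOidcSummary';` above the `./FinishDialog` line keeps the group sorted. This is style only; the hunk's function body continues outside the hunk.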
@@ -161,7 +162,13 @@ export function AwsOidc() {
{scriptUrl && (
<>
- Step 2
+
+ Step 2
+
+
diff --git a/web/packages/teleport/src/Integrations/Enroll/AwsOidc/ConfigureAwsOidcSummary.tsx b/web/packages/teleport/src/Integrations/Enroll/AwsOidc/ConfigureAwsOidcSummary.tsx
new file mode 100644
index 0000000000000..f97aa4ca0a49c
--- /dev/null
+++ b/web/packages/teleport/src/Integrations/Enroll/AwsOidc/ConfigureAwsOidcSummary.tsx
@@ -0,0 +1,87 @@
+/**
+ * Teleport
+ * Copyright (C) 2024 Gravitational, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+import React from 'react';
+import styled from 'styled-components';
+import { Flex, Box, H3, Text } from 'design';
+import TextEditor from 'shared/components/TextEditor';
+import { ToolTipInfo } from 'shared/components/ToolTip';
+
+import useStickyClusterId from 'teleport/useStickyClusterId';
+
+export function ConfigureAwsOidcSummary({
+ roleName,
+ integrationName,
+}: {
+ roleName: string;
+ integrationName: string;
+}) {
+ const { clusterId } = useStickyClusterId();
+
+ const json = `{
+ "name": ${roleName},
+ "description": "Used by Teleport to provide access to AWS resources.",
+ "trust_policy": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "sts:AssumeRoleWithWebIdentity",
+ "Principal": {
+ "Federated": "":oidc-provider/${roleName}",
+ },
+ "Condition": {
+ "StringEquals": {
+ "${clusterId}:aud": "discover.teleport",
+ }
+ }
+ }
+ ]
+ },
+ "tags": {
+ "teleport.dev/cluster": "${clusterId}",
+ "teleport.dev/integration": "${integrationName}",
+ "teleport.dev/origin": "integration_awsoidc"
+ }
+}`;
+
+ return (
+
+ Running the command in AWS CloudShell does the following:
+ 1. Configures an AWS IAM OIDC Identity Provider (IdP)
+
+ 2. Configures an IAM role named "{roleName}" to trust the IdP:
+
+
+
+
+
+
+
+ );
+}
+
+const EditorWrapper = styled(Flex)`
+ height: 300px;
+ margin-top: ${p => p.theme.space[3]}px;
+ width: 600px;
+`;
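Review bot: The summary JSON interpolates `roleName` without quotes on the `"name": ${roleName},` line, so the snippet shown to the user is not valid JSON, while the `tags` block a few lines below correctly writes `"${clusterId}"` and `"${integrationName}"`; it should be `"name": "${roleName}",`. The `"Federated"` principal on the line in the `Principal` block also looks off: as rendered it reads `"":oidc-provider/${roleName}` (an account-id placeholder may have been lost in rendering, so this part is inferred), and it names the OIDC provider by `roleName` even though the `StringEquals` condition keys the same provider by `${clusterId}:aud`, which suggests `oidc-provider/${clusterId}` was intended — worth confirming against the IAM trust policy the CloudShell script actually creates so the preview matches it. The trailing commas after the `"Federated"` entry and after the `:aud` entry make the displayed policy invalid JSON as well. Since this is an exported component, a short TSDoc such as `/** Explains what the CloudShell command configures and previews the IAM role trust policy for roleName/integrationName. */` above `ConfigureAwsOidcSummary` would help readers.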