Using the JWT_TIP Credentials Provider for IAM Identity Center

To configure authentication using JWT-TIP on a non-Windows machine:

  1. Set the AuthenticationType property to JWT_TIP.
  2. Set the web_identity_token property to the JWT obtained from your external identity provider. The driver presents this token to AWS STS during JWT-TIP authentication to obtain temporary AWS credentials; AWS validates the token's signature, issuer, audience, and expiry, so it must be a current token issued for this application, not an expired or unsigned one.
  3. Set the customer_idc_app_arn property to the customer-managed IAM Identity Center application ARN.
  4. Set the application_role_arn property to the ARN of the IAM role used to perform the JWT token exchange. This role must include a trust policy whose principal is the IAM OIDC identity provider that represents your external IdP and that allows sts:AssumeRoleWithWebIdentity; conditioning that statement on the token's aud (and, where the provider supports it, sub) claim prevents any token from the same IdP being usable for the exchange.
  5. Set the access_role_arn property to the ARN of the IAM role that Athena should assume to make AWS API calls. This role must have permissions to run Athena queries and access the required Amazon S3 and AWS Glue resources. Scope it to the workgroups, query-result bucket, and Glue databases the users actually need rather than granting broad Athena, S3, and Glue access.
  6. Optionally, set the role_session_name property to a friendly name for the AWS STS session. The name appears in the assumed-role session ARN recorded by CloudTrail, so choose a value that lets you attribute queries to a user or application.
  7. Optionally, set the duration property to the duration (in seconds) for the temporary AWS credentials. AWS STS accepts 900 to 43200 seconds (15 minutes to 12 hours), capped by the MaxSessionDuration configured on the role; requests outside that range fail.
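The steps above as one checked configuration, as an added example that is not part of the original page or the driver's own code. The property names are the ones listed above; the odbc.ini-style DSN layout, the DSN name, the function names, and the sample JWT are assumptions constructed for this example (the JWT carries a placeholder signature and is only used for claim checks, never verified). The script refuses obviously unusable inputs, an expired token, a wrong audience, a malformed ARN, or a duration outside the STS range, before the driver ever opens a connection:

```python
"""Added example (not driver code): build and sanity-check an odbc.ini DSN
entry for the JWT_TIP credentials provider.  The property names are the ones
the page lists; the DSN layout, function names and the sample JWT are
assumptions constructed for this example."""
import base64
import json
import re
import time

# STS role-session bounds: 900 s to 12 h.  The role's MaxSessionDuration may be
# lower, in which case STS rejects the request even inside this range.
MIN_DURATION = 900
MAX_DURATION = 43200

# Loose ARN shape for IAM roles and IAM Identity Center application ARNs
# (the latter have an empty region field).
ARN_RE = re.compile(r"^arn:aws[a-z-]*:(iam|sso):[a-z0-9-]*:\d{12}:[\w+=,.@/-]+$")
# RoleSessionName rule enforced by STS: 2-64 chars of [A-Za-z0-9_+=,.@-].
SESSION_NAME_RE = re.compile(r"^[\w+=,.@-]{2,64}$")


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_jwt(exp, aud, iss="https://idp.example.com"):
    """Constructed test token: the header claims RS256 but the signature
    segment is a placeholder.  A real token must come from your IdP so that
    AWS can verify it during the exchange."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "example"}
    payload = {"iss": iss, "sub": "alice", "aud": aud, "exp": exp, "iat": exp - 3600}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


def jwt_claims(token):
    """Return the payload claims WITHOUT verifying the signature; AWS verifies
    it during the exchange.  This only rejects tokens that would fail anyway
    (not a compact JWS, or alg=none) before a connection is attempted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("web_identity_token must be a compact JWS with 3 segments")
    header = json.loads(_b64url_decode(parts[0]))
    if str(header.get("alg", "none")).lower() == "none":
        raise ValueError("web_identity_token uses alg=none; the exchange will reject it")
    return json.loads(_b64url_decode(parts[1]))


def check_token(token, expected_aud=None, now=None):
    """Fail fast on an expired token or a token minted for another audience."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("web_identity_token is expired or has no exp claim")
    if expected_aud is not None:
        auds = claims.get("aud")
        auds = auds if isinstance(auds, list) else [auds]
        if expected_aud not in auds:
            raise ValueError(f"token aud {auds} does not include {expected_aud!r}")
    return claims


def build_dsn_entry(dsn, web_identity_token, customer_idc_app_arn, application_role_arn,
                    access_role_arn, role_session_name=None, duration=None,
                    expected_aud=None, now=None):
    """Return the [dsn] section text carrying the JWT_TIP properties.  Other
    driver properties (driver path, region, workgroup) are left out here."""
    for name, arn in (("customer_idc_app_arn", customer_idc_app_arn),
                      ("application_role_arn", application_role_arn),
                      ("access_role_arn", access_role_arn)):
        if not ARN_RE.match(arn):
            raise ValueError(f"{name} is not a well-formed ARN: {arn}")
    check_token(web_identity_token, expected_aud, now)
    if role_session_name is not None and not SESSION_NAME_RE.match(role_session_name):
        raise ValueError("role_session_name must be 2-64 chars of [A-Za-z0-9_+=,.@-]")
    if duration is not None and not MIN_DURATION <= int(duration) <= MAX_DURATION:
        raise ValueError(f"duration must be {MIN_DURATION}..{MAX_DURATION} seconds")

    props = [
        ("AuthenticationType", "JWT_TIP"),
        ("web_identity_token", web_identity_token),
        ("customer_idc_app_arn", customer_idc_app_arn),
        ("application_role_arn", application_role_arn),
        ("access_role_arn", access_role_arn),
    ]
    if role_session_name is not None:
        props.append(("role_session_name", role_session_name))
    if duration is not None:
        props.append(("duration", str(int(duration))))
    return "\n".join([f"[{dsn}]"] + [f"{k}={v}" for k, v in props]) + "\n"
```

Run it with the JWT your IdP actually issued and append the returned text to odbc.ini; because the token is a bearer credential, keep that file readable only by the account that runs the driver, and regenerate the entry when the token is refreshed rather than reusing a stale one.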