AWS SDK for Ruby assume_credential = Aws::AssumeRoleCredentials.new( client: Aws::STS::Client.new, role_arn: "arn:aws:iam::#{family_account_id}:role/OrganizationAccountAccessRole", role_session_name: "SessinName", policy: "Policy", ) issuer_url = "https://mysignin.internal.mycompany.com/" console_url = "https://console.aws.amazon.com/" signin_url = "https://signin.aws.amazon.com/federation" session_json = { :sessionId => assume_credential.credentials[:access_key_id], :sessionKey => assume_credential.credentials[:secret_access_key], :sessionToken => assume_credential.credentials[:session_token] }.to_json get_signin_token_url = signin_url + "?Action=getSigninToken" + "&SessionType=json&Session=" + CGI.escape(session_json) returned_content = URI.parse(get_signin_token_url).read signin_token = JSON.parse(returned_content)['SigninToken'] signin_token_param = "&SigninToken=" + CGI.escape(signin_token) issuer_param = "&Issuer=" + CGI.escape(issuer_url) destination_param = "&Destination=" + CGI.escape(console_url) login_url = signin_url + "?Action=login" + signin_token_param + issuer_param + destination_param そもそもIAMの作成の必要もないので、さらに楽