Support managed session policies for assume_role configuration #11
Comments
Unfortunately, this isn't supported yet by the AWS Go SDK. I created an issue: aws/aws-sdk-go#2794.
I've closed out the related issue with the AWS Go SDK: aws/aws-sdk-go#2794. I was mistaken, and support is already available via input types for the assume role functions. Each of the following input types has a
bflad added a commit that referenced this issue Jun 3, 2020

…transitive tag keys (#39)

* deps: Update github.com/aws/aws-sdk-go@v1.31.9

To ensure we have all the latest and greatest STS features and prevent any confusion over the AWS Go SDK version minimum in this library.

Updated via:

```
go get github.com/aws/aws-sdk-go@v1.31.9
go mod tidy
```

* Implement assume role duration, policy ARNs, tags, and transitive tag keys support

Reference: #11
Reference: #21
Reference: #34

* mock: Support EC2 Instance Metadata Service v2 /api/token endpoint

Otherwise, the updated AWS Go SDK EC2 Metadata client would return errors against the mock server.

```
=== RUN TestGetSession/EC2_metadata_access_key
2020/06/02 19:07:53 [INFO] Attempting to use session-derived credentials
2020/06/02 19:07:53 [INFO] Setting custom EC2 metadata endpoint: http://127.0.0.1:60498/latest
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [INFO] Attempting to use metadata-derived credentials
2020/06/02 19:07:53 [INFO] Setting AWS metadata API timeout to 100ms
2020/06/02 19:07:53 [INFO] Setting custom metadata endpoint: "http://127.0.0.1:60498/latest"
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [INFO] Ignoring AWS metadata API endpoint at http://127.0.0.1:60498/latest as it doesn't return any instance-id
TestGetSession/EC2_metadata_access_key: session_test.go:1013: expected no error, got error: No valid credential sources found for AWS Provider.
Please see https://terraform.io/docs/providers/aws/index.html for more information on providing credentials for the AWS Provider
```
PhillipGameDev added a commit to PhillipGameDev/AWS-SDK-GO-BACKEND that referenced this issue Dec 10, 2024
Allow scoping down IAM role permissions using managed IAM policies. In addition to the STS `Policy` parameter, there is now a `PolicyArns` parameter that allows passing up to 10 managed policies for the session.

There are a lot of benefits to this approach over passing the policy as a JSON string. I've highlighted a few reasons in the linked issue for the Terraform S3 backend.
References:
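To make the `PolicyArns` parameter described in the issue concrete, here is an added example (not code from this repository or the AWS SDK) that validates a list of managed session policy ARNs and lays them out as STS `AssumeRole` query parameters. `BuildAssumeRoleParams` is a hypothetical helper, the ARN pattern is an assumed strict shape, the sample ARNs are constructed, and request signing is left out.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Limit stated in the issue: up to 10 managed policies per session.
const maxSessionPolicyArns = 10

// Assumed strict shape of a managed policy ARN:
// arn:<partition>:iam::<12-digit account | "aws">:policy/<path/name>
var policyArnRe = regexp.MustCompile(`^arn:aws[a-z-]*:iam::(\d{12}|aws):policy/[\w+=,.@/-]+$`)

// BuildAssumeRoleParams (hypothetical helper) rejects malformed or excess
// session policy ARNs before any call is made, then returns the AssumeRole
// query parameters with the ARNs as PolicyArns.member.N.arn.
func BuildAssumeRoleParams(roleArn, sessionName string, policyArns []string) (url.Values, error) {
	if len(policyArns) > maxSessionPolicyArns {
		return nil, fmt.Errorf("%d policy ARNs given, at most %d allowed",
			len(policyArns), maxSessionPolicyArns)
	}
	v := url.Values{}
	v.Set("Action", "AssumeRole")
	v.Set("Version", "2011-06-15")
	v.Set("RoleArn", roleArn)
	v.Set("RoleSessionName", sessionName)
	for i, arn := range policyArns {
		// A role ARN or an inline JSON document pasted here by mistake fails fast.
		if !policyArnRe.MatchString(arn) {
			return nil, fmt.Errorf("policy ARN %d: %q is not a managed policy ARN", i+1, arn)
		}
		v.Set(fmt.Sprintf("PolicyArns.member.%d.arn", i+1), arn)
	}
	return v, nil
}

func main() {
	// Constructed sample values.
	v, err := BuildAssumeRoleParams(
		"arn:aws:iam::123456789012:role/deploy", "terraform",
		[]string{"arn:aws:iam::aws:policy/ReadOnlyAccess"})
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	fmt.Println(v.Encode())
}
```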