Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide ARN of authenticated principal as output #1062

Open
1 of 2 tasks
tsibley opened this issue May 9, 2024 · 2 comments
Open
1 of 2 tasks

Provide ARN of authenticated principal as output #1062

tsibley opened this issue May 9, 2024 · 2 comments
Labels
feature-request A feature should be added or improved. p2

Comments

@tsibley
Copy link

tsibley commented May 9, 2024

Describe the feature

Similar to how the account id of the authenticated principal is set:

configure-aws-credentials/src/helpers.ts

Lines 57 to 70 in ffc9011

// Obtains account ID from STS Client and sets it as output
export async function exportAccountId(credentialsClient: CredentialsClient, maskAccountId?: boolean) {
const client = credentialsClient.stsClient;
const identity = await client.send(new GetCallerIdentityCommand({}));
const accountId = identity.Account;
if (!accountId) {
throw new Error('Could not get Account ID from STS. Did you set credentials?');
}
if (maskAccountId) {
core.setSecret(accountId);
}
core.setOutput('aws-account-id', accountId);
return accountId;
}

it would be nice to have the ARN as well (e.g. from the same STS.GetCallerIdentity call).

Beyond providing it as an output that the calling workflow can use how it pleases, I'd also like to see the ARN output to logs by default, but I understand there are privacy/security implications to consider there.

Use Case

It's very useful to be able to expose the ARN to logs or for debugging/troubleshooting. Even this GitHub Action's README includes

aws sts get-caller-identity

in examples. :-)

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change
@tsibley tsibley added feature-request A feature should be added or improved. needs-triage This issue still needs to be triaged labels May 9, 2024
@tim-finnigan
Copy link
Contributor

Thanks for the feature request. I recognize the value here, but yes there are security implications to consider like you said.

@tim-finnigan tim-finnigan self-assigned this Jul 3, 2024
@tim-finnigan tim-finnigan removed the feature-request A feature should be added or improved. label Jul 3, 2024
@tim-finnigan tim-finnigan removed their assignment Jul 3, 2024
@tim-finnigan tim-finnigan added feature-request A feature should be added or improved. p2 and removed needs-triage This issue still needs to be triaged labels Jul 3, 2024
@liljoon liljoon mentioned this issue Oct 27, 2024
Open
1 task
@injae-kim
Copy link

Fix PR: #1191

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tsibley @injae-kim @tim-finnigan