wip f: additional attribute source_identity for assume_role #25368
Welcome @wlami 👋
It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTING guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.
Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.
Thanks again, and welcome to the community! 😃
1ca11a1 to 263a3e6
Thanks for the PR, @wlami. I've removed the source_identity from assume_role_with_web_identity block since it isn't supported there. 🚀
This functionality has been released in v4.29.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Community Note
Relates #22128
This PR requires an update of aws-sdk-go-base to version v2.0.0-beta.17 which contains hashicorp/aws-sdk-go-base#87 (not yet released).
For now you can build this PR by overriding the dependency locally in your go.mod file:
Prerequisites
You need to set env variables for the acceptance test:
To use the source_identity attribute in your configuration you have to adapt your IAM policies. See the AWS documentation for an in-depth explanation: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
Short version: In your AWS accounts you need to set up a source principal and a target role to assume. The source principal must have permission for sts:SetSourceIdentity.
Example:
The role to assume has to have a trust policy that allows sts:SetSourceIdentity like this:
Output from acceptance testing:
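The IAM setup and provider configuration described in the Prerequisites above, as an added Terraform example that is not part of the pull request or the provider's own code. Account IDs, role names, region and the identity value "alice" are constructed placeholders, and the sts:SourceIdentity condition is an optional restriction added here, not something the PR requires.

```hcl
# Added example; all ARNs, names and values are constructed placeholders.

# --- Admin configuration: IAM in the source and target accounts ---

# Permissions attached to the source principal (account 111111111111).
data "aws_iam_policy_document" "source_permissions" {
  statement {
    effect    = "Allow"
    actions   = ["sts:AssumeRole", "sts:SetSourceIdentity"]
    resources = ["arn:aws:iam::222222222222:role/example-target-role"]
  }
}

# Trust policy of the role to assume (account 222222222222).
data "aws_iam_policy_document" "target_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole", "sts:SetSourceIdentity"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111111111111:role/example-source-role"]
    }

    # Optional: accept only the expected source identity value.
    condition {
      test     = "StringEquals"
      variable = "sts:SourceIdentity"
      values   = ["alice"]
    }
  }
}

resource "aws_iam_role" "target" {
  name               = "example-target-role"
  assume_role_policy = data.aws_iam_policy_document.target_trust.json
}

# --- Separate configuration, run as the source principal ---

provider "aws" {
  region = "eu-central-1"

  assume_role {
    role_arn        = "arn:aws:iam::222222222222:role/example-target-role"
    session_name    = "terraform"
    source_identity = "alice" # attribute added by this PR
  }
}
```

Without sts:SetSourceIdentity in both the source principal's permissions and the target role's trust policy, the AssumeRole call that passes a source identity is denied.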