Add AWS Session Tags & Transitive keys #21

Closed
robh007 opened this issue Mar 4, 2020 · 1 comment · Fixed by #39

robh007 commented Mar 4, 2020

You can now use the following arguments, Tags & Transitive Tag Keys, when assuming a role. This allows IAM policies to use these session keys and tags in policy conditions. There's an open issue to add these to the Terraform AWS provider, but I don't think that can be done until the config struct is updated within this project.

Session tags & Transitive Tag Keys documentation
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining

@bflad bflad added the enhancement New feature or request label May 28, 2020
@bflad bflad added this to the v0.6.0 milestone May 28, 2020

bflad commented May 28, 2020

I will try looking into this as part of some other work happening in this library. 👍

@bflad bflad self-assigned this May 28, 2020
bflad added a commit that referenced this issue Jun 2, 2020
bflad added a commit that referenced this issue Jun 3, 2020
@bflad bflad closed this as completed in #39 Jun 3, 2020
bflad added a commit that referenced this issue Jun 3, 2020
…transitive tag keys (#39)

* deps: Update github.com/aws/aws-sdk-go@v1.31.9

To ensure we have all the latest and greatest STS features and prevent any confusion over the AWS Go SDK version minimum in this library.

Updated via:

```
go get github.com/aws/aws-sdk-go@v1.31.9
go mod tidy
```

* Implement assume role duration, policy ARNs, tags, and transitive tag keys support

Reference: #11
Reference: #21
Reference: #34

* mock: Support EC2 Instance Metadata Service v2 /api/token endpoint

Otherwise, the updated AWS Go SDK EC2 Metadata client would return errors against the mock server.

```
=== RUN   TestGetSession/EC2_metadata_access_key
2020/06/02 19:07:53 [INFO] Attempting to use session-derived credentials
2020/06/02 19:07:53 [INFO] Setting custom EC2 metadata endpoint: http://127.0.0.1:60498/latest
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [INFO] Attempting to use metadata-derived credentials
2020/06/02 19:07:53 [INFO] Setting AWS metadata API timeout to 100ms
2020/06/02 19:07:53 [INFO] Setting custom metadata endpoint: "http://127.0.0.1:60498/latest"
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [DEBUG] Mock EC2 metadata server received request: /latest/api/token
2020/06/02 19:07:53 [INFO] Ignoring AWS metadata API endpoint at http://127.0.0.1:60498/latest as it doesn't return any instance-id
    TestGetSession/EC2_metadata_access_key: session_test.go:1013: expected no error, got error: No valid credential sources found for AWS Provider.
        	Please see https://terraform.io/docs/providers/aws/index.html for more information on
        	providing credentials for the AWS Provider
```
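
The failing log above shows the SDK's EC2 metadata client requesting `/latest/api/token` repeatedly from a mock that did not serve it. The following is an added example, not code from this library or its commit: a minimal in-process mock of the IMDSv2 handshake (PUT for a session token, then GET with that token). The names `mockIMDS` and `call`, the token and the instance ID are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed sample values; the header names are the ones IMDSv2 uses.
const (
	mockToken      = "constructed-mock-token"
	mockInstanceID = "i-0123456789abcdef0"
	ttlHeader      = "X-aws-ec2-metadata-token-ttl-seconds"
	tokenHeader    = "X-aws-ec2-metadata-token"
)

// mockIMDS (hypothetical) issues a token on PUT and requires it on every metadata path.
var mockIMDS = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	isToken := r.URL.Path == "/latest/api/token"
	switch {
	case isToken && r.Method != http.MethodPut:
		http.Error(w, "token requests must use PUT", http.StatusMethodNotAllowed)
	case isToken && r.Header.Get(ttlHeader) == "":
		http.Error(w, "missing TTL header", http.StatusBadRequest)
	case isToken:
		fmt.Fprint(w, mockToken)
	case r.Header.Get(tokenHeader) != mockToken:
		http.Error(w, "missing or invalid token", http.StatusUnauthorized)
	case r.URL.Path == "/latest/meta-data/instance-id":
		fmt.Fprint(w, mockInstanceID)
	default:
		http.NotFound(w, r)
	}
})

// call (hypothetical) runs one request against the handler in-process, without a socket.
func call(h http.Handler, method, path string, hdr map[string]string) (int, string) {
	req := httptest.NewRequest(method, path, nil)
	for k, v := range hdr {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	_, tok := call(mockIMDS, "PUT", "/latest/api/token", map[string]string{ttlHeader: "21600"})
	fmt.Println(call(mockIMDS, "GET", "/latest/meta-data/instance-id", map[string]string{tokenHeader: tok}))
}
```

Wrapping `mockIMDS` in `httptest.NewServer` gives a URL that a metadata client under test can be pointed at.
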
PhillipGameDev added a commit to PhillipGameDev/AWS-SDK-GO-BACKEND that referenced this issue Dec 10, 2024