From 90769d2d019dd453466a42b519c660554332e230 Mon Sep 17 00:00:00 2001
From: Ben Ash
Date: Wed, 26 Jun 2024 09:52:38 -0400
Subject: [PATCH] Remove max tags check

Prefer to let the AWS API enforce its own constraints. If the max number of tags is exceeded AWS will return an error. In addition, the check was never being enforced since it as conditional on an invalid config error.
---
 builtin/logical/aws/path_roles.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/builtin/logical/aws/path_roles.go b/builtin/logical/aws/path_roles.go
index 92005c33cf40..b08548b33c14 100644
--- a/builtin/logical/aws/path_roles.go
+++ b/builtin/logical/aws/path_roles.go
@@ -16,6 +16,7 @@ import (
 "github.com/aws/aws-sdk-go/aws/arn"
 "github.com/hashicorp/go-multierror"
 "github.com/hashicorp/go-secure-stdlib/strutil"
+
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/logical"
@@ -642,10 +643,6 @@ func (r *awsRoleEntry) validate() error {
 
 if len(r.SessionTags) > 0 && !strutil.StrListContains(r.CredentialTypes, assumedRoleCred) {
 errors = multierror.Append(errors, fmt.Errorf("cannot supply session_tags when credential_type isn't %s", assumedRoleCred))
- // https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_know
- if len(r.SessionTags) > 50 {
- errors = multierror.Append(errors, fmt.Errorf("cannot supply more than %d session_tags", 50))
- }
 }
 
 if r.ExternalID != "" && !strutil.StrListContains(r.CredentialTypes, assumedRoleCred) {