-
Change Request
-
Resolution: Unresolved
-
Major
-
6.0.36, 7.0.6, 7.2.0, 7.4.0alpha1
-
Support backlog
-
10
Currently when using AssumeRole for authentification it is necessary to specify AWS.ACCESS.KEY.ID and AWS.SECRET.ACCESS.KEY, some environments do not allow such approach. While AssumeRole is recommended to use for multi-account access, it is necessary to extend it to use "role_base" authentication.
To allow such auth mechanism need to change only a few places in Javascript:
1. Add the following between "case 'role_base':" and "case 'assume_role':" block code:
case 'assume_role_role_based':
['sts_region', 'role_arn'].forEach(function (field) {
if (typeof params !== 'object' || typeof params[field] === 'undefined' || params[field] === '') {
throw 'Required param is not set: "' + field + '".';
}
AWS.params[field] = params[field];
});
params['auth_type'] = 'role_base';
AWS.setParams(params);
AWS.params['auth_type'] = 'assume_role_role_based';
AWS.params['SessionToken'] = AWS.params['Token'];
role_arn_regex = /role\/(.+)$/;
var payload = {
'Action': 'AssumeRole',
'Version': '2011-06-15',
'RoleArn': AWS.params.role_arn,
'RoleSessionName': AWS.params.role_arn.match(role_arn_regex)[1] + 'Session',
};
credentials = AWS.getField(AWS.request('GET', AWS.params.sts_region, 'sts', AWS.prepareParams(payload), ''), 'AssumeRoleResponse.AssumeRoleResult.Credentials');
['AccessKeyId', 'SecretAccessKey', 'SessionToken'].forEach(function (field) {
if (typeof credentials !== 'object' || typeof credentials[field] === 'undefined' || credentials[field] === '') {
throw 'Required credentials are not set: "' + field + '".';
};
AWS.params[field] = credentials[field];
});
break;
2. replace the following line:
if (AWS.params.auth_type === 'role_base' || (AWS.params.auth_type === 'assume_role' & !params.includes('AssumeRole'))) {
with
if (AWS.params.auth_type === 'role_base' || AWS.params.auth_type === 'assume_role_role_based' || (AWS.params.auth_type === 'assume_role' & !params.includes('AssumeRole'))) {
- mentioned in
-
Page Loading...
