- Change Request
- Resolution: Unresolved
- Major
- 6.0.36, 7.0.6, 7.2.0, 7.4.0alpha1
- Support backlog
- 10
Currently, when using AssumeRole for authentication, it is necessary to specify AWS.ACCESS.KEY.ID and AWS.SECRET.ACCESS.KEY; some environments do not allow such an approach. While AssumeRole is recommended for multi-account access, it is necessary to extend it to use "role_base" authentication.
To allow such an auth mechanism, only a few places in the JavaScript need to change:
1. Add the following block between the "case 'role_base':" and "case 'assume_role':" blocks:
    case 'assume_role_role_based':
        // Both the STS region and the ARN of the role to assume are mandatory.
        ['sts_region', 'role_arn'].forEach(function (field) {
            if (typeof params !== 'object' || typeof params[field] === 'undefined' || params[field] === '') {
                throw 'Required param is not set: "' + field + '".';
            }
            AWS.params[field] = params[field];
        });

        // Obtain the base credentials through the existing role_base path,
        // then switch the auth type back for the AssumeRole call.
        params['auth_type'] = 'role_base';
        AWS.setParams(params);
        AWS.params['auth_type'] = 'assume_role_role_based';
        AWS.params['SessionToken'] = AWS.params['Token'];

        // Declared with var so the names do not leak as implicit globals.
        var role_arn_regex = /role\/(.+)$/;
        var payload = {
            'Action': 'AssumeRole',
            'Version': '2011-06-15',
            'RoleArn': AWS.params.role_arn,
            'RoleSessionName': AWS.params.role_arn.match(role_arn_regex)[1] + 'Session',
        };
        var credentials = AWS.getField(AWS.request('GET', AWS.params.sts_region, 'sts', AWS.prepareParams(payload), ''), 'AssumeRoleResponse.AssumeRoleResult.Credentials');

        // Replace the base credentials with the temporary ones returned by STS.
        ['AccessKeyId', 'SecretAccessKey', 'SessionToken'].forEach(function (field) {
            if (typeof credentials !== 'object' || typeof credentials[field] === 'undefined' || credentials[field] === '') {
                throw 'Required credentials are not set: "' + field + '".';
            }
            AWS.params[field] = credentials[field];
        });
        break;
2. Replace the following line:
    if (AWS.params.auth_type === 'role_base' || (AWS.params.auth_type === 'assume_role' & !params.includes('AssumeRole'))) {
with
    if (AWS.params.auth_type === 'role_base' || AWS.params.auth_type === 'assume_role_role_based' || (AWS.params.auth_type === 'assume_role' & !params.includes('AssumeRole'))) {
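The RoleSessionName derivation from step 1, hardened, as an added example that is not part of the original request or of the Zabbix template. STS accepts only 2 to 64 characters from [\w+=,.@-] for RoleSessionName, so a role ARN that contains a path, or a long role name, makes the regex-derived name invalid. The helper names and sample ARNs below are constructed for illustration.

```javascript
// Added example, not Zabbix template code. All function names are hypothetical.

// STS limits for RoleSessionName: 2-64 characters from [\w+=,.@-].
var SESSION_NAME_MAX = 64;
var SESSION_SUFFIX = 'Session';

function isValidSessionName(name) {
    return /^[\w+=,.@-]{2,64}$/.test(name);
}

// The derivation used in step 1, reproduced for comparison.
function pageSessionName(roleArn) {
    return roleArn.match(/role\/(.+)$/)[1] + SESSION_SUFFIX;
}

// Hardened derivation: validate the ARN shape, drop any role path,
// and truncate so that the suffix still fits within 64 characters.
function sessionNameFromRoleArn(roleArn) {
    if (typeof roleArn !== 'string') {
        throw 'role_arn must be a string.';
    }
    // arn:<partition>:iam::<12-digit account>:role/<optional/path/><name>
    var m = roleArn.match(
        /^arn:[a-z0-9-]+:iam::\d{12}:role\/(?:[\w+=,.@\/-]*\/)?([\w+=,.@-]+)$/
    );
    if (m === null) {
        throw 'role_arn is not an IAM role ARN: "' + roleArn + '".';
    }
    var base = m[1].substring(0, SESSION_NAME_MAX - SESSION_SUFFIX.length);
    return base + SESSION_SUFFIX;
}

// Constructed sample ARNs (placeholder account id).
var SAMPLE_PLAIN = 'arn:aws:iam::123456789012:role/zabbix-ro';
var SAMPLE_PATH = 'arn:aws:iam::123456789012:role/team/ops/zabbix-ro';
var SAMPLE_LONG = 'arn:aws:iam::123456789012:role/' + new Array(65).join('a');

function compare(roleArn) {
    // Returns both derivations and whether STS would accept each name.
    var before = pageSessionName(roleArn);
    var after = sessionNameFromRoleArn(roleArn);
    return {
        before: before, beforeValid: isValidSessionName(before),
        after: after, afterValid: isValidSessionName(after)
    };
}
```
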