-
Notifications
You must be signed in to change notification settings - Fork 801
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow an optional IAM policy to be specified when assuming roles #254
Labels
Comments
/sub |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When you assume a role with AWS, you can optionally provide an IAM policy.
This would let me create temporary credentials with scoped permissions. Particularly handy for one-off tasks that you don't want to create a new role for, but want least privilege. Another use case is documenting an IAM policy for your project that other users can start with
aws-vault
, so that it's clear what permissions your service requires.An example using the AWS CLI:
What I'd like to be able to do:
I'm happy to create a PR for this option, and add it to the
exec
command. Any thoughts?I don't like how the AWS cli expects JSON as a string, and I would just specify a filename instead.
https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html#options
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
The text was updated successfully, but these errors were encountered: