aws - session policy support via cli #9416
Merged
Closes #9404
Took a stab at it and this is an initial draft. I can go ahead and add tests etc. However, I have a few open questions from a design perspective.
Tested with a bad JSON policy and the traceback received was:
botocore.errorfactory.MalformedPolicyDocumentException: An error occurred (MalformedPolicyDocument) when calling the AssumeRole operation: Syntax errors in policy.
I also tested it with a good session policy.
[update] - This PR supports passing in a session policy JSON document alongside assume role. When used, it will only allow a subset of permissions on the role assumed. The goal is to allow stakeholders to use specific actions depending on what they feel comfortable with vs opening up the full role.
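The local check below is an added example, not code from this PR or from the project: it validates a session policy document before it is sent with AssumeRole, so a malformed file fails with a specific message rather than the MalformedPolicyDocument traceback quoted above. The function names, sample policy, session name and role ARN are assumptions constructed for illustration; `RoleArn`, `RoleSessionName` and `Policy` are the boto3 `assume_role` parameters.

```python
import json

# STS caps the plaintext of an inline session policy at 2,048 characters.
MAX_SESSION_POLICY_CHARS = 2048


def load_session_policy(text):
    """Check a session policy locally; return it as compact JSON text."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as err:
        raise ValueError(f"session policy is not valid JSON: {err}") from err
    if not isinstance(doc, dict) or "Statement" not in doc:
        raise ValueError("session policy needs a top-level Statement")
    statements = doc["Statement"]
    if isinstance(statements, dict):  # a single statement object is allowed
        statements = [statements]
    if not isinstance(statements, list):
        raise ValueError("Statement must be an object or a list")
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            raise ValueError(f"statement {i} is not an object")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            raise ValueError(f"statement {i}: Effect must be Allow or Deny")
        if not stmt.keys() & {"Action", "NotAction"}:
            raise ValueError(f"statement {i}: missing Action")
        if not stmt.keys() & {"Resource", "NotResource"}:
            raise ValueError(f"statement {i}: missing Resource")
    compact = json.dumps(doc, separators=(",", ":"))
    if len(compact) > MAX_SESSION_POLICY_CHARS:
        raise ValueError(f"session policy is {len(compact)} characters, "
                         f"over the {MAX_SESSION_POLICY_CHARS} limit")
    return compact


def assume_role_kwargs(role_arn, session_name, policy_text):
    """Arguments for boto3's sts.assume_role(**kwargs) with a session policy."""
    return {"RoleArn": role_arn, "RoleSessionName": session_name,
            "Policy": load_session_policy(policy_text)}


# Constructed sample input: read-only EC2 describe calls on the assumed role.
SAMPLE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}"""
SAMPLE_ROLE = "arn:aws:iam::123456789012:role/ExampleRole"  # constructed ARN

if __name__ == "__main__":
    print(assume_role_kwargs(SAMPLE_ROLE, "custodian-run", SAMPLE_POLICY))
```

The credentials returned for such a call carry only the permissions that both the role's own policies and the session policy allow.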