Support external-id with AWS STS:AssumeRole #5329

Closed
wants to merge 1 commit into from

@bpineau bpineau commented Sep 12, 2018

Support external id at sts:assumerole time.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

This is a rewrite, taking comments into account, of the larger patch set initially sent in #5033
(also re-pushed in #5033 over the previous commit, but lost in the previous discussion).

@vishalnayak vishalnayak added this to the 0.11.2 milestone Sep 17, 2018
@chrishoffman chrishoffman modified the milestones: 0.11.2, next-release Oct 1, 2018
Allow users to provide an external_id at assumerole creds generation time.
@bpineau bpineau force-pushed the simple-aws-sts-external-id branch from d0baf92 to b856573 Compare October 3, 2018 17:10
@chrishoffman chrishoffman modified the milestones: next-release, 0.12 Oct 9, 2018
@flyinbutrs

Any update on this? I would very much appreciate being able to use vault with cross account roles with external IDs set.

@jefferai jefferai modified the milestones: 1.0, 1.0.1 Dec 3, 2018
@jefferai jefferai modified the milestones: 1.0.1, 1.0.2 Dec 12, 2018
@chrishoffman chrishoffman modified the milestones: 1.0.2, 1.0.3 Jan 7, 2019
@hashicorp-cla

hashicorp-cla commented Jan 15, 2019

CLA assistant check
All committers have signed the CLA.

@jefferai
Member

jefferai commented Feb 1, 2019

@joelthompson any thoughts on this rewrite?

@jefferai jefferai modified the milestones: 1.0.3, 1.1 Feb 1, 2019
@joelthompson
Contributor

Hi @jefferai -- my thoughts are largely the same as in the other PR. Allowing arbitrary external IDs to be specified rather than generated by Vault has certain implications on the trust model of Vault. I still think reserving a prefix for generated IDs (rather than specified IDs) is probably the best compromise.

@jefferai jefferai modified the milestones: 1.1, next-release Feb 14, 2019
@tyrannosaurus-becks
Contributor

This PR is presently identical to #5033. Thank you so much for leading the way on the rewrite here! Closing in favor of the other because it was opened first. Much appreciated, all the same.

@pbernal pbernal removed this from the next-release milestone May 15, 2020