-
-
Notifications
You must be signed in to change notification settings - Fork 989
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add role_requires_session_name #491
feat: Add role_requires_session_name #491
Conversation
This PR has been automatically marked as stale because it has been open 30 days |
Is there anything missing? Please just let me know. |
This PR has been automatically marked as stale because it has been open 30 days |
still relevant |
This PR has been automatically marked as stale because it has been open 30 days |
This PR was automatically closed because of stale in 10 days |
Description
Enforce users to set the
role-session-name
to their user name when assuming a role. See https://aws.amazon.com/blogs/security/easily-control-naming-individual-iam-role-sessions/ for details.Motivation and Context
This allows to identify user activities in AWS audit logs (e.g. EKS audit logs) based on a reliable identifier. If the user can set
role-session-name
to an arbitrary value this would not be possible.Breaking Changes
Nothing.
How Has This Been Tested?
I tested this using my fork in our AWS account.
examples/*
to demonstrate and validate my change(s)examples/*
projectspre-commit run -a
on my pull request