Closed pda closed 6 years ago
I also just confirmed that STS GetCallerIdentity works for plain IAM User credentials (e.g. aws-vault exec --no-session
), not just STS session tokens (e.g. aws-vault exec
), so it's likely to work for all use cases.
Perhaps later on the other strategies should be removed.
Nice one
Problem
After some AWS account spring cleaning, IAMy stopped working:
GetAwsAccountId
tries three strategies to discover the account ID:An AWS account following best-practices is unlikely to have any of things:
Solution
This PR does two things:
Before
After