Open ianroberts opened 4 months ago
Thanks for the feature request, I'm not sure if we would consider this but would like to get more input from the community. Also I think this somewhat overlaps with https://github.com/aws-actions/configure-aws-credentials/issues/305.
Describe the feature
Add an option to specify the STS endpoint URL explicitly, as an alternative to deriving it automatically from the AWS region.
Use Case
I want to be able to use GitHub tokens for federated authentication to a Minio storage server - this uses an S3-compatible API for storage operations, but also includes an STS-compatible endpoint providing the
AssumeRoleWithWebIdentity
action to generate access credentials for the S3-compatible API using a federated identity token. As far as I can see this would be possible using theconfigure-aws-credentials
action if there were the option to specify an explicitendpoint
parameter in place of (or as well as) theregion
inCredentialsClient.stsClient()
:https://github.com/aws-actions/configure-aws-credentials/blob/fff2104678c2113fcefb9ae8294dc7ccb803e27c/src/CredentialsClient.ts#L33-L37
Proposed Solution
sts-endpoint
to the actionCredentialsClient
constructorSTSClient
constructor. Otherwise behave as normal, lettingSTSClient
build its own default endpoint from the region name.Other Information
No response
Acknowledgements