aws / aws-sdk

Landing page for the AWS SDKs on GitHub
https://aws.amazon.com/tools/

iam: find roles by tags #697

Open jmklix opened 4 months ago

jmklix commented 4 months ago

Original feature request: https://github.com/awslabs/aws-sdk-rust/issues/1061

Describe the feature

In order to find roles with certain tags one currently has to utilise aws_sdk_iam::client::Client:

list_roles does not have a filter to only return roles matching a certain tag key-value pair. This leads to a potentially high number of API calls when many roles have to be checked.

Use Case

Example use case:

AWS RDS IAM-based authentication does not allow tracing back a certain IAM role (from the Postgres perspective) to the user who assumed the role. A workaround is to create dedicated IAM roles for each user who wants to access the db via IAM auth. As IAM role names are limited, one needs to utilise tags to store additional meta information such as the user's user id, the corresponding db etc.

Creating a program that needs to identify the role which has to be assumed is difficult without using tags.

Proposed Solution

Provide a filter parameter that allows filtering against a tag key-value pair.

Other Information

No response


jmklix commented 4 months ago

P118531597
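
An added example, not part of the issue thread or any AWS SDK: the client-side workaround the issue describes (list every role, then fetch each role's tags), written against a hypothetical `RoleSource` trait and a constructed in-memory account so it runs offline. The trait, the role names and the tag keys `user-id` and `db` are assumptions; the call counter shows the one extra request per role that a server-side filter would avoid.

```rust
use std::collections::HashMap;

// Hypothetical stand-in for IAM ListRoles (paginated) and ListRoleTags; not the aws_sdk_iam API.
trait RoleSource {
    fn list_roles(&mut self, marker: Option<usize>) -> (Vec<String>, Option<usize>);
    fn list_role_tags(&mut self, role: &str) -> HashMap<String, String>;
}
// Constructed in-memory account that counts every API call made against it.
struct FakeIam { roles: Vec<(String, HashMap<String, String>)>, page_size: usize, calls: usize }

impl RoleSource for FakeIam {
    fn list_roles(&mut self, marker: Option<usize>) -> (Vec<String>, Option<usize>) {
        self.calls += 1;
        let start = marker.unwrap_or(0);
        let end = (start + self.page_size).min(self.roles.len());
        let names: Vec<String> = self.roles[start..end].iter().map(|(n, _)| n.clone()).collect();
        (names, if end < self.roles.len() { Some(end) } else { None })
    }
    fn list_role_tags(&mut self, role: &str) -> HashMap<String, String> {
        self.calls += 1;
        self.roles.iter().find(|(n, _)| n.as_str() == role).map(|(_, t)| t.clone()).unwrap_or_default()
    }
}
// Client-side filter: a role matches only if every wanted tag is present with that exact value.
fn find_roles_by_tags<S: RoleSource>(src: &mut S, want: &[(&str, &str)]) -> Vec<String> {
    let (mut hits, mut marker) = (Vec::new(), None);
    loop {
        let (names, next) = src.list_roles(marker);
        for name in names {
            let tags = src.list_role_tags(&name); // one extra request per role
            if want.iter().all(|(k, v)| tags.get(*k).map(String::as_str) == Some(*v)) { hits.push(name); }
        }
        if next.is_none() { return hits; }
        marker = next;
    }
}
// Constructed sample data; the tag keys "user-id" and "db" are assumptions.
fn sample_account() -> FakeIam {
    let role = |name: &str, user: &str, db: &str| {
        let tags = HashMap::from([("user-id".to_string(), user.to_string()), ("db".to_string(), db.to_string())]);
        (name.to_string(), tags)
    };
    let roles = vec![role("rds-a1", "alice", "orders"), role("rds-b1", "bob", "orders"), role("rds-a2", "alice", "billing")];
    FakeIam { roles, page_size: 2, calls: 0 }
}

fn main() {
    let mut iam = sample_account();
    let hits = find_roles_by_tags(&mut iam, &[("user-id", "alice"), ("db", "orders")]);
    println!("{:?} after {} API calls", hits, iam.calls);
}
```

A caller that selects a role to assume from this result should treat zero or multiple matches as an error rather than taking the first hit.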