Open vroad opened 3 years ago
Hi @vroad,
Thanks for the feature request! You may already be aware, but you are able to use the --source-identity parameter in an assume-role call in the CLI, but we'll take note of the config file feature request. Because the majority of AWS SDKs use the config file and this is functionality that, if implemented, we would like to make available across all AWS SDKs, I've created a new issue to track this in our shared-sdk repository and will be escalating this internally. I'll let you know when I have an update!
Is your feature request related to a problem? Please describe.
When assuming roles with profiles specified in the config file (~/.aws/config), source identity cannot be specified.

Describe the solution you'd like
Source identity is the new feature that was added to STS in April, which allows you to easily identify who assumed IAM roles. Unlike role session names, it's preserved even after assuming other roles with role chaining.
https://aws.amazon.com/about-aws/whats-new/2021/04/aws-identity-and-access-management-now-makes-it-easier-to-relate-a-users-iam-role-activity-to-their-corporate-identity/
Most of the time I use aws-vault. I already created a pull request for adding the feature, as aws-vault uses its own config parser, not botocore's parser or AWS SDK for Go's parser.
https://github.com/99designs/aws-vault/pull/807
I still sometimes need to rely on the AWS CLI for assuming roles, so it would be great if the AWS CLI supported it as well. I created the issue in this repo because the configuration parser is implemented in botocore.
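One possible interim approach, as an added example that is not part of the original issue or of the AWS CLI or botocore code: a `credential_process` helper that wraps the `aws sts assume-role --source-identity` call mentioned in the reply, so a profile in ~/.aws/config can still carry a source identity. The script name, argument order, and the profile and role names in the comments are assumptions.

```python
#!/usr/bin/env python3
"""credential_process helper: assume a role with a source identity via the AWS CLI.

Hypothetical ~/.aws/config entry (paths and names are placeholders):
  [profile audited]
  credential_process = /path/to/helper.py ROLE_ARN alice@example.com cli-session base
"""
import json
import re
import subprocess
import sys

# STS accepts 2-64 characters from this set for SourceIdentity.
SOURCE_IDENTITY_RE = re.compile(r"[\w+=,.@-]{2,64}", re.ASCII)


def build_command(role_arn, source_identity, session_name, source_profile):
    """Return the `aws sts assume-role` argv, rejecting an invalid source identity."""
    if not SOURCE_IDENTITY_RE.fullmatch(source_identity):
        raise ValueError(f"invalid source identity: {source_identity!r}")
    return [
        "aws", "sts", "assume-role",
        "--role-arn", role_arn,
        "--role-session-name", session_name,
        "--source-identity", source_identity,
        # Base credentials; this profile must not itself point at this helper.
        "--profile", source_profile,
        "--output", "json",
    ]


def to_credential_process(assume_role_response):
    """Convert AssumeRole output to the JSON shape credential_process expects."""
    creds = assume_role_response["Credentials"]
    return {
        "Version": 1,
        "AccessKeyId": creds["AccessKeyId"],
        "SecretAccessKey": creds["SecretAccessKey"],
        "SessionToken": creds["SessionToken"],
        "Expiration": creds["Expiration"],
    }


def main(argv):
    if len(argv) != 5:
        sys.exit("usage: helper ROLE_ARN SOURCE_IDENTITY SESSION_NAME SOURCE_PROFILE")
    result = subprocess.run(build_command(*argv[1:]), check=True,
                            capture_output=True, text=True)
    # Only the credential JSON is written to stdout, as credential_process requires.
    print(json.dumps(to_credential_process(json.loads(result.stdout))))


if __name__ == "__main__":
    main(sys.argv)
```

The role's trust policy must allow `sts:SetSourceIdentity` for the calling principal, otherwise the AssumeRole call is denied.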