common-fate / granted

The easiest way to access your cloud.
https://granted.dev
MIT License

pass the output of getCallerIdentity as the name of the federated user #469

Closed Eddie023 closed 11 months ago

Eddie023 commented 12 months ago

What changed?

Why?

How did you test it?

Potential risks

Is patch release candidate?

Link to relevant docs PRs

matthewhembree commented 11 months ago

I would have preferred that the federation token name be composed by splitting caller.Arn instead of using caller.UserId. Something like a strings.SplitAfter(caller.Arn, ":user/")

The ARN will have the canonical username. It's much clearer than seeing the abstraction of AIDA... as the username in CloudTrail.

But at least we now have a determinate name, so that my console preferences will persist. Thanks!!

izanagi1995 commented 11 months ago

@Eddie023 @JoshuaWilkes This is great, but it is almost unusable for CloudTrail audits where we want to query by username. Now we instead have the User ID in the logs.
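
The ARN-based naming that both comments above ask for, as an added example (not code from this PR or from granted). The helper name `federationName` and the sample identities are assumptions made for illustration. It goes beyond the one-line split by handling IAM user paths, the 2-32 character limit on the GetFederationToken `Name` parameter, and callers whose ARN has no `user/` resource.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// GetFederationToken's Name parameter accepts 2-32 characters from [\w+=,.@-].
var invalidNameChars = regexp.MustCompile(`[^\w+=,.@-]`)

// federationName (hypothetical helper, not granted's code) picks a
// deterministic federated-user name from the Arn and UserId fields that
// sts:GetCallerIdentity returns, preferring the readable IAM user name.
func federationName(arn, userID string) (string, error) {
	candidate := ""
	// ARN layout: arn:partition:service:region:account-id:resource
	parts := strings.SplitN(arn, ":", 6)
	if len(parts) == 6 && strings.HasPrefix(parts[5], "user/") {
		// IAM users can have a path (user/division/team/alice). The user
		// name is the last segment; "/" is not valid in Name in any case.
		candidate = parts[5][strings.LastIndex(parts[5], "/")+1:]
	}
	// Try the user name first, then fall back to the unique ID (AIDA...).
	for _, n := range []string{candidate, userID} {
		n = invalidNameChars.ReplaceAllString(n, "-")
		if len(n) > 32 {
			// IAM user names may be 64 characters long. Truncating keeps the
			// call valid, but long names sharing a prefix become ambiguous.
			n = n[:32]
		}
		if len(n) >= 2 {
			return n, nil
		}
	}
	return "", errors.New("no usable federation name in caller identity")
}

func main() {
	// Constructed sample identities; the account and user IDs are placeholders.
	fmt.Println(federationName("arn:aws:iam::123456789012:user/division/team/alice", "AIDACONSTRUCTEDEXAMPLE"))
	fmt.Println(federationName("arn:aws:iam::123456789012:root", "123456789012"))
}
```

For CloudTrail queries by user name, the truncation branch is the one to watch: two IAM users whose names share their first 32 characters would appear under the same federated-user name.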