Closed sosheskaz closed 8 months ago
+1, desperately need this feature
You can achieve something similar to this, without CLI though, by adding the profile to your ~/.aws/config
, like so:
[profile your-other-manually-defined-profile]
source_profile = Foo/Bar/AdministratorAccess ; granted-managed profile name
role_arn = arn:aws:...::..:role/... ; the role you want to assume
Then you can still use granted
and just select this profile from the list, and it all Just Works.
Of course, it's not as ideal as having the flexibility to assume any role, as every role needs to be added to the config manually.
Perhaps, an interesting story here would be to also allow the end-user to select from a list of roles, like AWS profiles, with a fuzzy search.
As an option, perhaps, can filter roles by a specific tag (e.g.granted=true
), to avoid having a huge list of roles to sift through.
Thanks @JoshuaWilkes! I can confirm that your PR fixes this issue! 👍🏼
In some edge cases, we may have roles which an individual has access to, but which we do not have a pre-configured profile for.
It would be useful, then, to have the ability to have Granted assume a role using the profile we give it.
Example use-case: for testing purposes, e.g. if you want to assume a newly-created role to manually act in its stead to test permissions before handing it to an application.
The implementation could look something like:
Which would then
my-base-profile
aws profilests:AssumeRole
on the provided arn using those credentials.--exec
)